diff options
522 files changed, 5930 insertions, 4217 deletions
diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/a1policymanagement/.helmignore index 50af031725..50af031725 100644 --- a/kubernetes/aaf/components/aaf-cert-service/.helmignore +++ b/kubernetes/a1policymanagement/.helmignore diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml new file mode 100644 index 0000000000..ba51af4c6c --- /dev/null +++ b/kubernetes/a1policymanagement/Chart.yaml @@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0.0" +description: A Helm chart for A1 Policy Management Service +name: a1policymanagement +version: 6.0.0 diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml new file mode 100644 index 0000000000..f517fbbcc1 --- /dev/null +++ b/kubernetes/a1policymanagement/requirements.yaml @@ -0,0 +1,20 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json new file mode 100644 index 0000000000..64c42e6cd1 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json @@ -0,0 +1,39 @@ +{ + "config": { + "controller": [ + { + "name": "controller1", + "baseUrl": "{{ .Values.sdncLink }}", + "userName": "${A1CONTROLLER_USER}", + "password": "${A1CONTROLLER_PASSWORD}" + } + ], + "ric": [ + { + "name": "ric1", + "baseUrl": "{{ .Values.ricLink }}", + "controller": "controller1", + "managedElementIds": [ + "kista_1", + "kista_2" + ] + } + ], + "streams_publishes": { + "dmaap_publisher": { + "type": "message_router", + "dmaap_info": { + "topic_url": "{{ .Values.streamPublish }}" + } + } + }, + "streams_subscribes": { + "dmaap_subscriber": { + "type": "message_router", + "dmaap_info": { + "topic_url": "{{ .Values.streamSubscribe }}" + } + } + } + } +} diff --git a/kubernetes/a1policymanagement/templates/configmap.yaml b/kubernetes/a1policymanagement/templates/configmap.yaml new file mode 100644 index 0000000000..e84beac2ab --- /dev/null +++ b/kubernetes/a1policymanagement/templates/configmap.yaml @@ -0,0 +1,24 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-policy-conf +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml new file mode 100644 index 0000000000..6987bd41c5 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -0,0 +1,75 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +kind: Deployment +apiVersion: apps/v1 +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + livenessProbe: + httpGet: + path: /status + port: {{ .Values.liveness.port }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + volumeMounts: + - name: config + mountPath: /opt/app/policy-agent/data + resources: {{ include "common.resources" . | nindent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-policy-conf-input + configMap: + name: {{ include "common.fullname" . }}-policy-conf + - name: config + emptyDir: + medium: Memory diff --git a/kubernetes/a1policymanagement/templates/secrets.yaml b/kubernetes/a1policymanagement/templates/secrets.yaml new file mode 100644 index 0000000000..55e465c373 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/secrets.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/a1policymanagement/templates/service.yaml b/kubernetes/a1policymanagement/templates/service.yaml new file mode 100644 index 0000000000..f13c16105b --- /dev/null +++ b/kubernetes/a1policymanagement/templates/service.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml new file mode 100644 index 0000000000..ac26f9b575 --- /dev/null +++ b/kubernetes/a1policymanagement/values.yaml @@ -0,0 +1,89 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +# Default values for Policy Management Service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + nodePortPrefix: 300 + envsubstImage: dibi/envsubst + +secrets: + - uid: controller-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}' + login: '{{ .Values.a1controller.user }}' + password: '{{ .Values.a1controller.password }}' + passwordPolicy: required + +repository: nexus3.onap.org:10001 +image: onap/ccsdk-oran-a1policymanagementservice:1.1.0 +pullPolicy: IfNotPresent +replicaCount: 1 + +service: + type: NodePort + name: a1policymanagement + both_tls_and_plain: true + ports: + - name: api + port: 8433 + plain_port: 8081 + port_protocol: http + nodePort: '94' + +# SDNC Credentials are used here +a1controller: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +sdncLink: https://sdnc.onap:8443 +# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port> +# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination. +# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface +# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep +ricLink: +streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE +streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100 + +liveness: + port: api + initialDelaySeconds: 60 + periodSeconds: 10 +readiness: + port: api + initialDelaySeconds: 60 + periodSeconds: 10 + +#Resource Limit flavor -By Default using small +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differdeleted file mode 100644 index e7da9a7d44..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differdeleted file mode 100644 index f47adb614f..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differdeleted file mode 100644 index 9b90af6499..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt deleted file mode 100644 index b5e75dadd6..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFnjCCA4agAwIBAgIEDQtWKTANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
-AxMIb25hcC5vcmcwHhcNMjAwNzA5MDgwNDE1WhcNMzAwNzA3MDgwNDE1WjB3MQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCkxel9G29Hgy9j7cEQ0BGlPrP9s1SF3ADe7f56jTjQd/jFUsN67Da+l9Dt
-vy1yUwPnTr3krpXOHwQKplsuBDMoa0ayRhqUpp6fuSuu/zgGJOQIe7NlJh9FbYfq
-ax0nHO8qtwd+eTUCqkwVfOFZpDFwR7Ss73Z++14Em8TgFiIsTlBV1sa/xRWLT9JL
-Sqnr0tQiUJewO6sCUsis+U7kEf+QCueJAktMxR70rQcAJ2gd/zlnIaoaL4rF+MU8
-xlbEfMK/rxC6jeVm3oJu4ihjDKj1V6PDyEtzjsWQFtM+y6wgd98Kxt+0mHW3mZZ0
-+Ul0fHSE0fRNp8qEMOUKYFbCffWBrMBZaOaUy6FSnnGi8frv7WqJXNiO2lClhsN1
-2yA1HgiorhK9sXjVdwsjTmJhOdvn5sla22+QXrobNflHZHo8JhWHpZ9RbBWAZdaa
-FrEizBoDnkpdaNb2PykYjqPo8D1Y/lOSDOg32wOW50F6bZg3yyQzFe0+PsAPK/u+
-b8THRJhkbXYvcAoDQv785aXoaa0mVg+yAvz6dorchJkViaOvUlNl+DNNKGJb1hWc
-KWLU1SpH7I9QWQYGExFEzsg4Wv2ErGponSoecAm+IM23mn/fhGrwv1r/bl5WR++5
-5nUIAbPysz3yQoMllSsBBOpuSsCLo1KQqQeQxnTwFxLS0Ag2SwIDAQABozIwMDAd
-BgNVHQ4EFgQUff+Pkp90yZtYsNvFGhq6SBdL+f0wDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQwFAAOCAgEAAWzAQxiJb+3WiXnVC0AeQ2GBnj3JNWI13WE1VJ1a
-+hsKAGHk6ACzsGfN0BiGp81Bt/4y+AinWTPI0xnuYqfJHS8/7sEvC7aSzmR0TsuM
-u7xOYCiczoEwlM2YoFt1dRWt+ve6EZgTXzBSm75to7F3HS0dZzRaEKxyOA3ONFHT
-tGgT+u7851qJQvNVwTOt54C7/PZ9Me5y98sosiGbp0USKroJbiMXHzIligp8s1uT
-+Pm581C8YTVHKciR/4fhChu+tx39ZR2p4AoJFjEvgcWqYy+sOyn+Z8sWWLoj3dFk
-xjdpSRLPI771ihGdV2JXwgzN1ei8OvUzrW1a1gLZkZ1ZWtK4rwpJteFh4YW/wuDb
-dKElfqXJITmOEO+uT4cJ5+hGa3rl6asxbEJ6vhy7SZPOzgM1uAjRT1MpBtG/ZPY5
-mOkjzNbjlNsgwJNkuXCi4+3DWNC3QNrIqm825Wdr79TM3kYGfkK/ngargA0z0KYc
-7sF6P0tGo6gLACbx+dO9KFpjBIqVaw9AUwb/IOGm1Yv+QutEISqgDQTKzT0iv2Pt
-eSkR2IzaEvH0VmBnTHoHQwrV7x10cMxhwoA1mRvdt8L+gKC91CbVirIiRGCrJabO
-GiKKZ+pD5kVi9gy7omrjw2kH6Vu4aQGySGBhzpIZ977oO9u+jaTdMHBtladqVvWd
-sIM= ------END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differdeleted file mode 100644 index 90dfcb937c..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml index bf1179d49a..84d69ed127 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml index 45bf399437..b50fe7789c 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index b3745e1e52..3650990b99 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -25,7 +25,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - replicas: {{ .Values.replicaCount }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index dccf57ca96..148d10da13 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -104,6 +104,11 @@ service: internalPort: 10443 externalPort: 10443 +#define value for aaf-sms-quorumclient subchart +aaf-sms-quorumclient: + service: + name: aaf-sms + persistence: enabled: true volumeReclaimPolicy: Retain diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml index 53ea99524b..2715120ba9 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml @@ -17,7 +17,7 @@ {{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml index 23fe79d716..90d18997ac 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -48,17 +48,16 @@ spec: - name: {{ include "common.fullname" . }}-tpmconfig mountPath: "/abrmd/cred/" readOnly: true - resources: {{ toYaml .Values.resources | nindent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} + {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - resources: {{ include "common.resources" . | nindent 10 }} volumes: - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml index c6041d124d..c40c6b075a 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -20,7 +20,6 @@ apiVersion: batch/v1 kind: Job metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.replicaCount }} serviceName: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml index 1643c15c5d..021276b06d 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -20,7 +20,6 @@ apiVersion: batch/v1 kind: Job metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.replicaCount }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml index ccbe14c7a3..7a7103fc09 100644 --- a/kubernetes/aaf/requirements.yaml +++ b/kubernetes/aaf/requirements.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,9 +19,6 @@ dependencies: - name: aaf-cass version: ~6.x-0 repository: 'file://components/aaf-cass' - - name: aaf-cert-service - version: ~6.x-0 - repository: 'file://components/aaf-cert-service' - name: aaf-cm version: ~6.x-0 repository: 'file://components/aaf-cm' diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index af42081857..2afdb422cb 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications © 2020 AT&T +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -75,10 +76,6 @@ global: public_port: 31112 # Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml - certServiceClient: - secret: - name: aaf-cert-service-client-tls-secret - ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 1990a02ce9295df7c94009401c24fa226a10f8e +Subproject 944970742185cccb73110875d1b4ad9f7305337 diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml b/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml index 882372e9c7..04d254f1b0 100644 --- a/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml +++ b/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml @@ -23,6 +23,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + serviceName: {{ include "common.servicename" . }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 57ce1e9cea..8b3ce26d52 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -133,6 +133,8 @@ mariadb-galera: dgbuilder: nameOverride: appc-dgbuilder + certInitializer: + nameOverride: appc-dgbuilder-cert-initializer config: db: rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 453f906101..3202b828e5 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -151,3 +151,9 @@ cdslistener.healthcheck.mapping-service-name-with-service-link=[SDC Listener ser #Actuator properties management.endpoints.web.exposure.include=* management.endpoint.health.show-details=always + +#K8s Plugin properties +#Credentials are placeholders as k8s plugin has not authentication atm +blueprintprocessor.k8s.plugin.username=unused +blueprintprocessor.k8s.plugin.password=unused +blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/ diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index f1b00c09f4..b23a1b05c2 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -61,7 +61,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.5 +image: onap/ccsdk-blueprintsprocessor:1.0.0 pullPolicy: Always # flag to enable debugging - application support required @@ -167,21 +167,21 @@ logback: hibernate: INFO onapCcsdkCds: INFO -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 5fcfbc4787..fff3fc7298 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -39,7 +39,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.5 +image: onap/ccsdk-commandexecutor:1.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml index f9c3377dd8..80c8fca37e 100755 --- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml @@ -51,9 +51,9 @@ spec: - name: AUTH_TYPE value: {{ .Values.config.authType }} - name: API_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} - name: API_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} - name: LOG_FILE value: {{ .Values.config.logFile }} - name: ARTIFACT_MANAGER_PORT diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml index 6a29b1c80c..6a7f30fdce 100755 --- a/kubernetes/cds/charts/cds-py-executor/values.yaml +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-py-executor:0.7.5 +image: onap/ccsdk-py-executor:1.0.0 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index 50462bbed7..102ea0f36c 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -36,7 +36,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.5 +image: onap/ccsdk-sdclistener:1.0.0 name: sdc-listener pullPolicy: Always @@ -88,21 +88,21 @@ logback: hibernate: INFO onapCcsdkCds: INFO -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory -# Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index da8bf8c871..9fad2aa667 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -26,7 +26,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.5 +image: onap/ccsdk-cds-ui-server:1.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile new file mode 100644 index 0000000000..248fb056ab --- /dev/null +++ b/kubernetes/clamp/Makefile @@ -0,0 +1,55 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile new file mode 100644 index 0000000000..acaf7fb683 --- /dev/null +++ b/kubernetes/clamp/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @:
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml index 89117ce205..89117ce205 100644 --- a/kubernetes/clamp/charts/clamp-backend/Chart.yaml +++ b/kubernetes/clamp/components/clamp-backend/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml index caff1e5dc4..08708fba14 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml +++ b/kubernetes/clamp/components/clamp-backend/requirements.yaml @@ -14,6 +14,6 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties new file mode 100644 index 0000000000..b2cee395b9 --- /dev/null +++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties @@ -0,0 +1,69 @@ +### +# ============LICENSE_START======================================================= +# ONAP CLAMP +# ================================================================================ +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Modifications copyright (c) 2019 Nokia +# ================================================================================\ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# +### +{{- if .Values.global.aafEnabled }} +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} +server.ssl.key-store-password=${cadi_keystore_password_p12} +server.ssl.key-password=${cadi_key_password} +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias={{ .Values.certInitializer.fqi }} + +# The key file used to decode the key store and trust store password +# If not defined, the key store and trust store password will not be decrypted +clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} + +## Config part for Client certificates +server.ssl.client-auth=want +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} +server.ssl.trust-store-password=${cadi_truststore_password} +{{- end }} + +#clds datasource connection details +spring.datasource.username=${MYSQL_USER} +spring.datasource.password=${MYSQL_PASSWORD} +spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements + +#The log folder that will be used in logback.xml file +clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json + +# +# Configuration Settings for Policy Engine Components +clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.password=zb!XztG34 +clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.password=zb!XztG34 + +#DCAE Inventory Url Properties +clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +#DCAE Deployment Url Properties +clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.userName=none +clamp.config.dcae.deployment.password=none + +#AAF related parameters +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml index dab2e44f5e..dab2e44f5e 100644 --- a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json index 3adda95c11..3adda95c11 100644 --- a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json +++ b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json diff --git a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt index e36d6a5bfb..e36d6a5bfb 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt +++ b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml index f66312c741..3fce850140 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml @@ -25,6 +25,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} {{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml index f08fd67fc4..f86c636a43 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: - /app/ready.py args: - --container-name - - mariadb + - clamp-mariadb env: - name: NAMESPACE valueFrom: @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -56,8 +57,19 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + workingDir: "/opt/clamp/" args: - - "" + - -c + - | + export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + java -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1g -jar ./app.jar + {{- else }} + args: + - "" + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -74,12 +86,15 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json + - mountPath: /opt/clamp/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties env: - name: MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} @@ -87,11 +102,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_DATABASE value: {{ tpl .Values.db.databaseName .}} - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -102,13 +112,15 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} items: - key: sdc-controllers-config.json path: sdc-controllers-config.json + - key: application.properties + path: application.properties - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml index 57f88ce32d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml index b1a5465116..b1a5465116 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml index 7d8e077f59..a6d5ca0b4c 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -21,6 +21,38 @@ global: # global defaults repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + nameOverride: clamp-backend-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "-72.0" + cadi_latitude: "38.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + cd {{ .Values.credsPath }}; + chmod a+rx *; secrets: - uid: db-secret @@ -34,7 +66,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.7 +image: onap/clamp-backend:5.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -48,7 +80,12 @@ log: # Application configuration defaults. ################################################################# -db: {} +#####dummy values for db user and password to pass lint!!!####### + +db: + user: dummyclds + password: dummysidnnd83K + databaseName: dummycldsdb4 config: log: @@ -56,26 +93,6 @@ config: logstashPort: 5044 mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs - springApplicationJson: > - { - "spring.datasource.username": "${MYSQL_USER}", - "spring.datasource.password": "${MYSQL_PASSWORD}", - "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", - "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", - "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", - "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.userName": "none", - "clamp.config.dcae.deployment.password": "none", - "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.api.userName": "healthcheck", - "clamp.config.policy.api.password": "zb!XztG34", - "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.pap.userName": "healthcheck", - "clamp.config.policy.pap.password": "zb!XztG34", - "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml index b2f8624a4b..b2f8624a4b 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml index caff1e5dc4..317d5b5d79 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml index 1eb20fce89..9e04d5ae01 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml @@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}} ######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## # WARNING: revise all the lines below before you go into production +{{- if .Values.global.aafEnabled }} +opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +{{- else }} opendistro_security.ssl.transport.pemcert_filepath: esnode.pem opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} opendistro_security.ssl.http.pemcert_filepath: esnode.pem opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +{{- end }} +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} + opendistro_security.allow_unsafe_democertificates: true opendistro_security.allow_default_init_securityindex: true opendistro_security.authcz.admin_dn: diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml index 20ff6f27c2..20ff6f27c2 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml index 0ec38b08e3..0e37df7ddc 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml @@ -59,10 +59,22 @@ spec: mountPath: /usr/share/elasticsearch/logs/ - name: {{ include "common.fullname" . }}-data mountPath: /usr/share/elasticsearch/data/ +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }} + /usr/local/bin/docker-entrypoint.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ include "common.servicename" . }} @@ -85,7 +97,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} env: - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -104,7 +116,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml index 3669621b24..3669621b24 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml index 6ae4eea0d3..6ae4eea0d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml index 292fc31dc3..292fc31dc3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml index 27158a6668..04580a0354 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml @@ -20,6 +20,44 @@ global: nodePortPrefix: 302 repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-es-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -32,7 +70,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:5.0.3 +image: onap/clamp-dashboard-elasticsearch:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml index 5d897d96eb..5d897d96eb 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml index caff1e5dc4..317d5b5d79 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml index db81e3da00..acfb4cc081 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml @@ -18,9 +18,13 @@ server.host: "0" server.port: {{.Values.service.externalPort}} server.ssl.enabled: {{.Values.config.sslEnabled}} +{{- if .Values.global.aafEnabled }} +server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} +server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} +{{ else }} server.ssl.certificate: {{.Values.config.sslPemCertFilePath}} server.ssl.key: {{.Values.config.sslPemkeyFilePath}} - +{{- end }} # The URL of the Elasticsearch instance to use for all your queries. elasticsearch.hosts: ${elasticsearch_base_url} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml index 5d1b32258c..5d1b32258c 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml index 0e5f65cabb..d9a3035123 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -73,7 +74,7 @@ spec: env: - name: elasticsearch_base_url value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +91,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml index 443e76b76e..e5d7174e85 100644 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Nordix Foundation +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml index 07d4a8f8ea..07d4a8f8ea 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml index 11f29570bd..37dae0ffb1 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml @@ -21,6 +21,44 @@ global: repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-kibana-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -33,7 +71,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:5.0.3 +image: onap/clamp-dashboard-kibana:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml index 9fc0317fd3..9fc0317fd3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml diff --git a/kubernetes/oof/charts/oof-has/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml index 685abbcc66..317d5b5d79 100755..100644 --- a/kubernetes/oof/charts/oof-has/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' - - name: music + - name: certInitializer version: ~6.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml index cecd5b18c8..cecd5b18c8 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf index c005fcca3e..87c8f06e42 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf @@ -46,7 +46,11 @@ input { request_timeout => 30 schedule => { "every" => "1m" } codec => "plain" +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/certs.d/aafca.pem" +{{- end }} } } @@ -217,8 +221,13 @@ output { if "error" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false hosts => ["${elasticsearch_base_url}"] user => ["${logstash_user}"] @@ -229,9 +238,14 @@ output { } else if "event-cl-aggs" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] @@ -243,9 +257,14 @@ output { } else { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml index 4278a6e6d3..4278a6e6d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml index acd108d2cf..887f722179 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -91,7 +92,7 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -111,7 +112,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml index 07d4a8f8ea..07d4a8f8ea 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml index c2a522b1c8..2b3c9f1712 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml @@ -21,6 +21,44 @@ global: repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-logstash-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -29,7 +67,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:5.0.3 +image: onap/clamp-dashboard-logstash:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml index eaad8b8440..91984c1014 100644 --- a/kubernetes/clamp/charts/mariadb/Chart.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml @@ -15,5 +15,5 @@ apiVersion: v1 description: MariaDB Service -name: mariadb +name: clamp-mariadb version: 6.0.0 diff --git a/kubernetes/clamp/charts/mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/clamp/charts/mariadb/NOTES.txt +++ b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt diff --git a/kubernetes/portal/components/portal-zookeeper/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml index c5d7864b9d..9b96d0cfc4 100644 --- a/kubernetes/portal/components/portal-zookeeper/requirements.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh index 6c69694011..71f32e2eff 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh @@ -18,6 +18,11 @@ for arg; do esac done +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -36,7 +41,7 @@ file_env() { elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi - val=`echo -n $val | sed -e "s/'/''/g"` + val=`prepare_password $val` export "$var"="$val" unset "$fileVar" } diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf index 612590cc6b..612590cc6b 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt +++ b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml index 01420aa97b..01420aa97b 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml index 7d6e162813..7d6e162813 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml index 424987936d..424987936d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/pv.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml index 6856c80540..6856c80540 100644 --- a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml index 57f88ce32d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml index 2533c26161..2533c26161 100644 --- a/kubernetes/clamp/charts/mariadb/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml index 2a90e8480c..492145ae07 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/values.yaml @@ -22,7 +22,7 @@ global: # global defaults persistence: {} # application image repository: docker.io -image: mariadb:10.3.12 +image: mariadb:10.5.4 pullPolicy: Always flavor: small ################################################################# @@ -40,7 +40,11 @@ secrets: password: '{{ .Values.db.password }}' # Application configuration -db: {} +# dummy value db user pasword to pass lint!!! +db: + user: dummy-clds + password: dummy-sidnnd83K + databaseName: dummy-cldsdb4 # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml index d3c442d32e..dd93eaca2d 100644 --- a/kubernetes/clamp/requirements.yaml +++ b/kubernetes/clamp/requirements.yaml @@ -14,9 +14,21 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' + - name: clamp-mariadb + version: ~6.x-0 + repository: 'file://components/clamp-mariadb' + - name: clamp-backend + version: ~6.x-0 + repository: 'file://components/clamp-backend' + - name: clamp-dash-es + version: ~6.x-0 + repository: 'file://components/clamp-dash-es' + - name: clamp-dash-logstash + version: ~6.x-0 + repository: 'file://components/clamp-dash-logstash' + - name: clamp-dash-kibana + version: ~6.x-0 + repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf index 84beff8d5a..3e6fde9d0d 100644 --- a/kubernetes/clamp/resources/config/default.conf +++ b/kubernetes/clamp/resources/config/default.conf @@ -2,8 +2,14 @@ server { listen 2443 default ssl; ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} ssl_certificate /etc/ssl/clamp.pem; ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + ssl_verify_client optional_no_ca; location /restservices/clds/ { proxy_pass https://clamp-backend:443; diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index d64a218985..b10d9d7926 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -72,7 +73,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf @@ -88,7 +89,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 49fd98d27b..d180fbf729 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -21,7 +21,43 @@ global: # global defaults readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - centralizedLoggingEnabled: false + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "clamp.key" + clamp_pem: "clamp.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; secrets: - uid: db-root-pass @@ -44,7 +80,7 @@ clamp-backend: db: userCredsExternalSecret: *dbUserPass databaseName: *dbName -mariadb: +clamp-mariadb: db: rootCredsExternalSecret: *dbRootPass userCredsExternalSecret: *dbUserPass @@ -57,7 +93,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.7 +image: onap/clamp-frontend:5.1.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 941c2f84df..0e923b7a75 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -22,6 +22,8 @@ COMMON_CHARTS_DIR := common EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") + .PHONY: $(EXCLUDES) $(HELM_CHARTS) all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) @@ -41,7 +43,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 76a224ab5f..a0d998cd07 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" . }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 0b91076f82..8934d41c33 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.headlessService" . }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 96139ce988..2bcafd9ade 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index c453f11c85..6734e0be81 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -144,7 +144,7 @@ {{- define "common.certInitializer._volumeMount" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.mountPath }} +- mountPath: {{ $initRoot.appMountPath }} name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} {{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 271e410069..642fe7799b 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -51,6 +51,7 @@ cadi_latitude: "38.0" cadi_longitude: "-72.0" aaf_add_config: "" mountPath: "/opt/app/osaaf" +appMountPath: "/opt/app/osaaf" importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index cf866571c7..f6feee6e06 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -12,9 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. global: - aaf: + platform: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -23,7 +24,10 @@ global: cmpv2State: "California" cmpv2Country: "US" # Client configuration related - requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" keystorePassword: "secret" truststorePassword: "secret" + certPostProcessor: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index afc402f648..b1021ab9d7 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -117,9 +117,9 @@ - name: aaf_locator_app_ns value: "{{ $aafRoot.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} #Note: want to put this on Nodes, eventually - name: cadi_longitude value: "{{ default "52.3" $aafRoot.cadi_longitude }}" diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl index 8b2f1e274d..bfd0999e16 100644 --- a/kubernetes/common/common/templates/_createPassword.tpl +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -32,11 +32,26 @@ {{ else if eq "testRelease" (include "common.release" .) }} {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}} {{- printf "testRelease" -}} + {{ else if eq "test-release" .Release.Name }} + {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- printf "testRelease" -}} {{ else }} {{ fail "masterPassword not provided" }} {{ end }} {{- end -}} +{{- define "common._defaultPasswordStrength" -}} + {{ if .Values.passwordStrengthOverride }} + {{- printf "%s" .Values.passwordStrengthOverride -}} + {{ else if .Values.global.passwordStrength }} + {{- printf "%s" .Values.global.passwordStrength -}} + {{ else if .Values.passwordStrength }} + {{- printf "%s" .Values.passwordStrength -}} + {{ else }} + {{- printf "long" }} + {{ end }} +{{- end -}} + {{/* Generate a new password based on masterPassword. The new password is not random, it is derived from masterPassword, fully qualified chart name and @@ -59,7 +74,8 @@ {{- define "common.createPassword" -}} {{- $dot := default . .dot -}} {{- $uid := default "onap" .uid -}} - {{- $strength := default "long" .strength -}} + {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}} + {{- $strength := default $defaultStrength .strength -}} {{- $mp := include "common.masterPassword" $dot -}} {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index e918cc1dd8..adbe2b6cf9 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -51,6 +51,11 @@ {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{/* when linted, the name must be lower cased. When used from a component, + name should be overriden in order to avoid collision so no need to do it */}} + {{- if eq (printf "common/%s/templates" $name) $dot.Template.BasePath -}} + {{- $name = lower $name -}} + {{- end -}} {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} {{- end -}} diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index 990c476f29..2490debffb 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -137,6 +137,10 @@ type: Opaque {{- $uid := (default "" .uid) }} {{- $name := (default "" .name) }} {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }} + {{- if eq "test-release" $global.Release.Name -}} + {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- $uid = lower $uid -}} + {{- end -}} {{- default (printf "%s-%s" $fullname $uid) $name }} {{- end -}} diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 4735901dfa..cf305d4bc9 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js index 42c2e5728b..b6a1a8636a 100644 --- a/kubernetes/common/dgbuilder/resources/config/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -54,6 +54,8 @@ module.exports={ }, "uiHost": "0.0.0.0", "version": "0.9.1", - "performGitPull": "N", - "enableHttps" : true + {{ if .Values.global.aafEnabled }} + "enableHttps" : true, + {{ end }} + "performGitPull": "N" } diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 1c32e12204..ec088e9274 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -70,6 +70,7 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} - command: - /app/ready.py args: @@ -89,7 +90,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] + args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"] ports: - containerPort: {{ .Values.service.internalPort }} readinessProbe: @@ -101,6 +102,7 @@ spec: - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -127,6 +129,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml index 0cd8cfbd36..4392308e38 100644 --- a/kubernetes/common/dgbuilder/templates/ingress.yaml +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index a7e6e24265..6d1412ee39 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -83,7 +83,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.7.4 +image: onap/ccsdk-dgbuilder-image:1.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -158,21 +158,45 @@ ingress: config: ssl: "redirect" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi + # dependency / sub-chart configuration +certInitializer: + nameOverride: dgbuilder-cert-initializer + truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "dgbuilder.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ; + cp {{ .Values.fqi_namespace }}.crt node-cert.pem; + cp {{ .Values.fqi_namespace }}.key node-key.pem; + chmod go+r node-*.pem + +#Resource Limit flavor -By Default using small +flavor: small +#segregation for different envionment (Small and Large) + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} + diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml index 7e73420e13..583c2d7429 100644 --- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{- range $kind, $enabled := .Values.hooks }} {{- if $enabled }} @@ -45,7 +47,7 @@ spec: {{- end }} containers: - name: {{ template "common.fullname" . }}-curator - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{printf "%s/%s" (include "common.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: config-volume diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml index dc2a430922..2af57aae77 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml index 901c0a5c06..b9e2c05d1a 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{ $role := "curator" -}} {{ $suffix := $role -}} @@ -74,7 +76,7 @@ spec: {{- end }} containers: - name: {{ template "common.fullname" . }}-curator - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{printf "%s/%s" (include "common.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: config-volume diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml index 6fe032d818..628cdd1d73 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.psp.create }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml index 0d189f448b..f124a44c85 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml index b112468dc3..f10b14231f 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml index 0bd4ae0999..a1732cfedc 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml index 5e0d9668d3..addd52867e 100644 --- a/kubernetes/common/elasticsearch/components/curator/values.yaml +++ b/kubernetes/common/elasticsearch/components/curator/values.yaml @@ -31,16 +31,14 @@ repositoryOverride: docker.io ## enabled: false name: curator -image: - imageName: bitnami/elasticsearch-curator - tag: 5.8.1-debian-9-r74 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName +image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74 +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName service: port: 9200 cronjob: diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml index 2ac3880886..4a8ef08946 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index e1a56e3e14..98d533d4e2 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "data" -}} @@ -86,7 +88,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }}-data - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- if .Values.securityContext.enabled }} securityContext: @@ -94,7 +96,7 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME value: {{include "elasticsearch.clustername" .}} - name: ELASTICSEARCH_CLUSTER_HOSTS diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml index cfb7f51da3..a9e3d78ac1 100644 --- a/kubernetes/common/elasticsearch/components/data/values.yaml +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -46,24 +46,22 @@ service: - name: http-transport port: 9300 -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.6.1 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## updateStrategy for ElasticSearch Data statefulset diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml index 05a3af37f2..323b9fc318 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index 1b5e305f25..6744f75f26 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -84,7 +86,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }}-master - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- if .Values.securityContext.enabled }} securityContext: @@ -92,7 +94,7 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME value: {{ include "elasticsearch.clustername" . }} - name: ELASTICSEARCH_CLUSTER_HOSTS diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml index 8d66ef082e..ca94e242a4 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "master" -}} {{ $labels := (dict "role" $role) -}} {{ $matchLabels := (dict "role" $role) }} -{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 2862692eef..23302335ea 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -43,24 +43,22 @@ replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) dedicatednode: "yes" ## dedicatednode: "no" -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.6.1 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## String to partially override common.fullname template (will maintain the release name) ## diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index fdbe82f855..6e745bd560 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 38234da0cf..7138e4e094 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.config }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 1ab5b59855..cf9ef73e52 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment {{ $role := "coordinating-only" -}} @@ -85,7 +87,7 @@ spec: {{- include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }} {{- if .Values.securityContext.enabled }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: @@ -93,7 +95,7 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME value: {{ include "elasticsearch.clustername" .}} - name: ELASTICSEARCH_CLUSTER_HOSTS diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml index 610c7d68c1..d7fd447846 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "coordinating-only" -}} {{ $labels := (dict "role" $role) -}} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml index fa79c29eca..9750be7b80 100644 --- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml index 359e8975e1..b8cd0686c4 100644 --- a/kubernetes/common/elasticsearch/templates/secrets.yaml +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics # @@ -12,4 +13,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml index 49ad504da6..a9b54882f1 100644 --- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index f8b3be5c8f..31edcabfa1 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -40,24 +40,22 @@ sysctlImage: enabled: true # application image -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.6.1 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## String to partially override common.fullname template (will maintain the release name) ## diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index ed1344d4c1..ac5b7b975d 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 4268dd6d2c..04fc93af00 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index fcab51cb59..c45648f757 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 42c5c89726..678761736a 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -32,8 +32,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi -function prepare_password { - echo -n $1 | sed -e "s/'/''/g" +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index af9a4f5f02..5563fe714d 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,15 @@ {{- define "mariadbInit.mariadbClusterSecret" -}} {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}} {{- end -}} + +{{- define "mariadbInit._updateSecrets" -}} + {{- if not .Values.secretsUpdated }} + {{- $global := . }} + {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }} + {{- $newList := append $global.Values.secrets $item }} + {{- $_ := set $global.Values "secrets" $newList }} + {{- end -}} + {{ $_ := set $global.Values "secretsUpdated" true }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 0144ec1907..d021d60b8d 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 3149f94611..cccb118787 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +{{ include "mariadbInit._updateSecrets" . -}} apiVersion: batch/v1 kind: Job @@ -38,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} + - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }} env: - name: NAMESPACE valueFrom: @@ -56,21 +60,21 @@ spec: - /db_init/db_init.sh env: - name: DB_HOST - value: "{{ .Values.global.mariadbGalera.nameOverride }}" + value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}" - name: DB_PORT - value: "{{ .Values.global.mariadbGalera.servicePort }}" + value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} {{- $root := . }} {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }} - name: {{ printf "MYSQL_USER_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index 71a89d019b..a9d9e0b704 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,27 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{- define "mariadb-init._update-secrets" -}} - {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} -{{ printf "- uid: %s" $db }} -{{ printf " type: basicAuth" }} - {{- if $dbInfos.externalSecret }} -{{ printf " externalSecret: %s" $dbInfos.externalSecret }} - {{- end }} -{{ printf " login: %s" $dbInfos.user }} -{{ printf " password: %s" $dbInfos.password }} -{{ printf " passwordPolicy: required" }} - {{- end -}} -{{- end -}} +{{ include "mariadbInit._updateSecrets" . -}} -{{ $global := . }} -{{ $secretsString := .Values.secrets | toYaml | indent 2 }} -{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }} -{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }} -{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }} - -{{ $newValues := set $global.Values "secrets" $finalSecrets }} -{{ $tmpGlobal := set $global "Values" $newValues }} - -{{ include "common.secret" $tmpGlobal }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index 0f6d4f8a1e..dd5d208190 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -32,8 +32,8 @@ global: secrets: - uid: root-password type: password - externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}' - password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' + externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' + password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' - uid: '{{ .Values.config.mysqlDatabase }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' @@ -51,6 +51,15 @@ pullPolicy: IfNotPresent # Set it if you want to change the name of the different components # nameOverride: +mariadbGalera: {} +# serviceName: some-name +# containerName: some-name +# servicePort: 3306 +# userRootPassword: some-password +# userRootSecret: some-secret-name +# userRootSecretKey: password + + config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 111bc80586..abc71b3133 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -36,10 +36,15 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: +{{ include "common.podSecurityContext" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - docker-entrypoint.sh + args: + - --nounixsocket env: - name: MONGO_INITDB_DATABASE value: "{{ .Values.config.dbName }}" @@ -68,6 +73,7 @@ spec: mountPath: /var/lib/mongo resources: {{ include "common.resources" . | indent 12 }} +{{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index d272f706ea..d8988c3ae7 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -83,6 +83,10 @@ service: rpcbindPort: 111 rpcbindUdpPort: 111 +securityContext: + user_id: 999 + group_id: 999 + ingress: enabled: false diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index fbdac61a9e..5ae944a568 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -26,17 +26,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Chart.Name }} - topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} selector: @@ -133,5 +122,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 4023f343df..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml index 81c3c2049d..63b5ab0974 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -77,7 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 12 }} +{{ include "common.resources" . | indent 12 }} env: - name: SPRING_OPTS value: "{{ .Values.springOpts }}" diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml index 5d5f5bb397..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml index ca774c9b5b..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 456aa32bc0..9ce9b88644 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -30,7 +30,6 @@ metadata: heritage: {{ $dot.Release.Service }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - serviceName: {{ $dot.Values.service.name }} replicas: 1 selector: matchLabels: diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 26ba390040..e8bfd1194a 100644 --- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml new file mode 100644 index 0000000000..e163aed82a --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml @@ -0,0 +1,595 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>46.0</float> + </void> + <void method="put"> + <string>type</string> + <int>1</int> + </void> + <void method="put"> + <string>certversion</string> + <string>X509v3</string> + </void> + <void method="put"> + <string>encodedvalidity</string> + <string>2y</string> + </void> + <void method="put"> + <string>usecertificatevalidityoffset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatevalidityoffset</string> + <string>-10m</string> + </void> + <void method="put"> + <string>useexpirationrestrictionforweekdays</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>expirationrestrictionforweekdaysbefore</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>expirationrestrictionweekdays</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowvalidityoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowextensionoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverridebyeei</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowbackdatedrevokation</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatestorage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storecertificatedata</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storesubjectaltname</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usebasicconstrants</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>basicconstraintscritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usesubjectkeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectkeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthoritykeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>authoritykeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectalternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectalternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useissueralternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>issueralternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultcrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointuri</string> + <string></string> + </void> + <void method="put"> + <string>usefreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecadefinedfreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>freshestcrluri</string> + <string></string> + </void> + <void method="put"> + <string>crlissuer</string> + <string></string> + </void> + <void method="put"> + <string>usecertificatepolicies</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepoliciescritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepolicies</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablekeyalgorithms</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>DSA</string> + </void> + <void method="add"> + <string>ECDSA</string> + </void> + <void method="add"> + <string>RSA</string> + </void> + </object> + </void> + <void method="put"> + <string>availableeccurves</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>ANY_EC_CURVE</string> + </void> + </object> + </void> + <void method="put"> + <string>availablebitlengths</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>192</int> + </void> + <void method="add"> + <int>224</int> + </void> + <void method="add"> + <int>239</int> + </void> + <void method="add"> + <int>256</int> + </void> + <void method="add"> + <int>384</int> + </void> + <void method="add"> + <int>512</int> + </void> + <void method="add"> + <int>521</int> + </void> + <void method="add"> + <int>1024</int> + </void> + <void method="add"> + <int>1536</int> + </void> + <void method="add"> + <int>2048</int> + </void> + <void method="add"> + <int>3072</int> + </void> + <void method="add"> + <int>4096</int> + </void> + <void method="add"> + <int>6144</int> + </void> + <void method="add"> + <int>8192</int> + </void> + </object> + </void> + <void method="put"> + <string>minimumavailablebitlength</string> + <int>0</int> + </void> + <void method="put"> + <string>maximumavailablebitlength</string> + <int>8192</int> + </void> + <void method="put"> + <string>signaturealgorithm</string> + <null/> + </void> + <void method="put"> + <string>usekeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>keyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowkeyusageoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>keyusagecritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>useextendedkeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>extendedkeyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>1.3.6.1.5.5.7.3.2</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.4</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.1</string> + </void> + </object> + </void> + <void method="put"> + <string>extendedkeyusagecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedocumenttypelist</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelistcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelist</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablecas</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>usedpublishers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>useocspnocheck</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useldapdnorder</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usecustomdnorder</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usemicrosofttemplate</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>microsofttemplate</string> + <string></string> + </void> + <void method="put"> + <string>usecardnumber</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecnpostfix</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>cnpostfix</string> + <string></string> + </void> + <void method="put"> + <string>usesubjectdnsubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectdnsubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usesubjectaltnamesubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectaltnamesubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usepathlengthconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>pathlengthconstraint</string> + <int>0</int> + </void> + <void method="put"> + <string>useqcstatement</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usepkixqcsyntaxv2</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementraname</string> + <string></string> + </void> + <void method="put"> + <string>useqcsematicsid</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiqccompliance</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsisignaturedevice</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsivaluelimit</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsivaluelimit</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitexp</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitcurrency</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiretentionperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsiretentionperiod</string> + <int>0</int> + </void> + <void method="put"> + <string>useqccustomstring</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qccustomstringoid</string> + <string></string> + </void> + <void method="put"> + <string>qccustomstringtext</string> + <string></string> + </void> + <void method="put"> + <string>qcetsipds</string> + <null/> + </void> + <void method="put"> + <string>qcetsitype</string> + <null/> + </void> + <void method="put"> + <string>usecertificatetransparencyincerts</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinocsp</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinpublisher</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectdirattributes</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usenameconstraints</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthorityinformationaccess</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>caissuers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usedefaultcaissuer</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultocspservicelocator</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>ocspservicelocatoruri</string> + <string></string> + </void> + <void method="put"> + <string>cvcaccessrights</string> + <int>3</int> + </void> + <void method="put"> + <string>usedcertificateextensions</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>approvals</string> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>REVOCATION</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>KEYRECOVER</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>ADDEDITENDENTITY</string> + </object> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotbefore</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotafter</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>privkeyusageperiodstartoffset</string> + <long>0</long> + </void> + <void method="put"> + <string>privkeyusageperiodlength</string> + <long>63072000</long> + </void> + <void method="put"> + <string>usesingleactivecertificateconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>overridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>nonoverridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>allowcertsnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecustomdnorderldap</string> + <boolean>false</boolean> + </void> + </object> +</java> diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index f1bd07e158..ad10240b94 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -12,6 +12,12 @@ configureEjbca() { ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK} ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth) + ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles + #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml) + ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER + #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml) + ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml new file mode 100644 index 0000000000..652acd5fa7 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml @@ -0,0 +1,936 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>14.0</float> + </void> + <void method="put"> + <string>NUMBERARRAY</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>3</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDNFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>500</int> + </void> + <void method="add"> + <int>1100</int> + </void> + <void method="add"> + <int>1200</int> + </void> + <void method="add"> + <int>1300</int> + </void> + <void method="add"> + <int>1400</int> + </void> + <void method="add"> + <int>1600</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTALTNAMEFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1800</int> + </void> + <void method="add"> + <int>1801</int> + </void> + <void method="add"> + <int>1802</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDIRATTRFIELDORDER</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <int>0</int> + <string></string> + </void> + <void method="put"> + <int>20000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>1</int> + <string></string> + </void> + <void method="put"> + <int>20001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>95</int> + <string></string> + </void> + <void method="put"> + <int>20095</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>96</int> + <string></string> + </void> + <void method="put"> + <int>20096</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>5</int> + <string></string> + </void> + <void method="put"> + <int>20005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>26</int> + <string></string> + </void> + <void method="put"> + <int>20026</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>29</int> + <string>1834889499</string> + </void> + <void method="put"> + <int>20029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30</int> + <string>1834889499</string> + </void> + <void method="put"> + <int>20030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>31</int> + <string>1</string> + </void> + <void method="put"> + <int>20031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>32</int> + <string>1;2;3;4</string> + </void> + <void method="put"> + <int>20032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>33</int> + <string></string> + </void> + <void method="put"> + <int>20033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>34</int> + <string></string> + </void> + <void method="put"> + <int>20034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10034</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>38</int> + <string>1</string> + </void> + <void method="put"> + <int>20038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>37</int> + <string>-477565695</string> + </void> + <void method="put"> + <int>20037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>98</int> + <string></string> + </void> + <void method="put"> + <int>20098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30098</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>99</int> + <string></string> + </void> + <void method="put"> + <int>20099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30099</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>97</int> + <string></string> + </void> + <void method="put"> + <int>20097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30097</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>91</int> + <string>false</string> + </void> + <void method="put"> + <int>20091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30091</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>94</int> + <string>-1</string> + </void> + <void method="put"> + <int>20094</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>93</int> + <string>-1</string> + </void> + <void method="put"> + <int>20093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>89</int> + <string></string> + </void> + <void method="put"> + <int>20089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30089</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>88</int> + <string></string> + </void> + <void method="put"> + <int>20088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30088</int> + <boolean>true</boolean> + </void> + <void method="put"> + <string>ALLOW_MERGEDN_WEBSERVICES</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>2</int> + <string></string> + </void> + <void method="put"> + <int>20002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10090</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>90</int> + <string>0</string> + </void> + <void method="put"> + <string>REVERSEFFIELDCHECKS</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>28</int> + <string>false</string> + </void> + <void method="put"> + <int>20028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>REUSECERTIFICATE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>35</int> + <string>false</string> + </void> + <void method="put"> + <int>20035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10092</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>USEEXTENSIONDATA</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGUSE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGDEFAULT</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGREQUIRED</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGCOPIES</string> + <int>1</int> + </void> + <void method="put"> + <string>PRINTINGPRINTERNAME</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGDATA</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGFILENAME</string> + <string></string> + </void> + <void method="put"> + <int>11</int> + <string></string> + </void> + <void method="put"> + <int>20011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>12</int> + <string></string> + </void> + <void method="put"> + <int>20012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>13</int> + <string></string> + </void> + <void method="put"> + <int>20013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>14</int> + <string></string> + </void> + <void method="put"> + <int>20014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>16</int> + <string></string> + </void> + <void method="put"> + <int>20016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>18</int> + <string></string> + </void> + <void method="put"> + <int>20018</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>118</int> + <string></string> + </void> + <void method="put"> + <int>20118</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>218</int> + <string></string> + </void> + <void method="put"> + <int>20218</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10218</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30218</int> + <boolean>true</boolean> + </void> + </object> +</java> diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml index d336bc9a94..d61af076a0 100644 --- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml +++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml @@ -18,3 +18,11 @@ metadata: name: "{{ include "common.fullname" . }}-config-script" data: {{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "common.fullname" . }}-profiles" +data: +{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index 1b1843476d..495b816bc5 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -51,6 +51,8 @@ spec: volumeMounts: - name: "{{ include "common.fullname" . }}-volume" mountPath: /opt/primekey/scripts/ + - name: "{{ include "common.fullname" . }}-profiles-volume" + mountPath: /opt/primekey/custom_profiles/ ports: {{ include "common.containerPorts" . | nindent 10 }} env: - name: INITIAL_ADMIN @@ -90,3 +92,7 @@ spec: name: "{{ include "common.fullname" . }}-config-script" defaultMode: 0755 name: "{{ include "common.fullname" . }}-volume" + - configMap: + name: "{{ include "common.fullname" . }}-profiles" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-profiles-volume" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 6de75c96d7..d0413192c8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -41,15 +41,20 @@ }, "external_cert": { - "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}", - "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}", - "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}", - "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}", - "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}", - "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}", - "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", - "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}", - "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}", - "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}" + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}", + "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}", + "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}", + "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}", + "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}", + "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}", + "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", + "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}", + "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}", + "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", + "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" + }, + "truststore_merger": + { + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" } } diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index a0cbbbdba2..f571affec0 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -1,6 +1,7 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +20,9 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }} {{ end }} use_tls: true -security_ssl_disable: false
\ No newline at end of file +security_ssl_disable: false +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-hv-ves-collector" +external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index 5a2a595ca6..15f5ab9006 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -31,3 +31,8 @@ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }} ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-ves-collector" +external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index afacc26733..4d10bcc0c9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -128,10 +128,7 @@ spec: - name: CMADDR value: {{ .Values.config.address.cm.host }} - name: CMPASS - valueFrom: - secretKeyRef: - name: {{ include "common.name" . }}-cmpass - key: password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}} - name: CMPROTO value: {{ .Values.config.address.cm.proto }} - name: CMPORT diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index 44395e48e8..6489659d86 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,18 +16,4 @@ # limitations under the License. # ============LICENSE_END========================================================= -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.name" . }}-cmpass - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - password: YWRtaW4= ---- {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 367014d551..3ef6d551bf 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -36,6 +36,10 @@ secrets: externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' config: logstashServiceName: log-ls @@ -104,7 +108,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -113,10 +117,10 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.5 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 539d202c0f..337461fa38 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -68,7 +68,6 @@ spec: - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} - restartPolicy: Never - name: init-tls env: - name: POD_IP @@ -144,6 +143,9 @@ spec: name: cm-persistent - mountPath: /opt/onap/certs name: tls-info + - mountPath: /opt/onap/cm-secrets + name: cm-secrets + readOnly: true securityContext: privileged: True volumes: @@ -171,5 +173,8 @@ spec: {{- end }} - emptyDir: {} name: tls-info + - name: cm-secrets + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml index dee9200eff..876b971db1 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml @@ -41,3 +41,5 @@ metadata: annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index a727b1a41b..8140b6b798 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.2 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 299e3ef878..e0e45c457a 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTPS" @@ -139,7 +139,7 @@ spec: port: {{ .Values.service.insecure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTP" diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 0d3082819f..a7be74a7ad 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index e46901bc94..404927cda8 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -105,7 +105,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: - - mountPath: /usr/local/share/ca-certificates/ + - mountPath: /opt/app/osaaf/ name: tls-info - mountPath: /opt/logs/dcae/dashboard name: component-log @@ -119,7 +119,7 @@ spec: - name: postgres_port value: "{{ .Values.postgres.config.pgPort }}" - name: cloudify_password - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: dhandler_url value: {{ .Values.config.dhandler_url }} - name: cfy_url diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml index b143034d8f..34932b713d 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -1,16 +1,17 @@ {{/* # Copyright © 2020 Samsung Electronics -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 884a753ff8..a86a1eed49 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -34,8 +34,14 @@ secrets: login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 dhandler_url: https://deployment-handler:8443 @@ -52,7 +58,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 1a28bc45c0..88ec5cbe66 100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -124,7 +124,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: NODE_EXTRA_CA_CERTS diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml index 493cfe5f88..34932b713d 100644 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Nordix Foundation +{{/* +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index fd705499d0..7e340db628 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index ee2c03e237..3fec537716 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -53,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index a29e334a25..61084fa26c 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -117,7 +117,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: POD_IP diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml index 0cd8cfbd36..34932b713d 100644 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Samsung, Orange +{{/* +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.ingress" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 2d0930846f..4a587d82eb 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -31,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml index 9a061876f8..cd09e96217 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: - --container-name - "message-router" - --container-name - - "sdc-dcae-be" + - "sdc-be" - "-t" - "45" env: diff --git a/kubernetes/dcaegen2/templates/secrets.yaml b/kubernetes/dcaegen2/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 939bd115a4..1918a8fea7 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,22 +26,47 @@ global: busyboxRepository: docker.io busyboxImage: library/busybox:1.30 +################################################################# +# Secrets metaconfig +################################################################# +secrets: +- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + +config: {} + +# To work around DCAEGEN2-2450, set password strength to "basic" +# to ensure password contains only alphanumerics +passwordStrengthOverride: basic + # Enable all DCAE components by default dcae-bootstrap: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-cloudify-manager: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-config-binding-service: enabled: true dcae-dashboard: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-deployment-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-healthcheck: enabled: true dcae-inventory-api: enabled: true dcae-policy-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: true diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index f373888ab8..c717ca3309 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -35,7 +35,7 @@ config: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0 service: type: ClusterIP diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml index 64268abb33..28d974c815 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -36,13 +36,13 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index a83770ea45..161b3621a0 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -92,7 +92,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index e2251e00fb..aa3e245a0b 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -71,7 +71,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index 8756d57516..8b8c16c287 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -217,6 +217,7 @@ <appender-ref ref="asyncDebug" /> <appender-ref ref="asyncError" /> <appender-ref ref="asyncJettyLog" /> + <appender-ref ref="STDOUT" /> </root> </configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 2b4b722bfb..1e08954b66 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.6 +image: onap/dmaap/datarouter-node:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index dba613c33c..73446ee3ec 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -402,6 +402,7 @@ <appender-ref ref="asyncEELFError" /> <appender-ref ref="asyncEELFjettylog" /> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index c4ca4edc8b..d33cb297db 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.global.dmaapDrProvName }} + name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 1cf2e583d1..3d4febcde1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.6 +image: onap/dmaap/datarouter-prov:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index 7c6334c76d..169e898ca6 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -148,7 +148,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} env: - name : KAFKA_HEAP_OPTS value: "{{ .Values.zkConfig.heapOptions }}" diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index f02a2db764..ad2ce2b92a 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -20,11 +20,6 @@ <jmxConfigurator /> <property name="logDirectory" value="${AJSC_HOME}/log" /> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> <encoder> <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n </pattern> diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/charts/esr-server/resources/config/logback.xml index c647f3d1e1..fcc9f250d9 100644 --- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml +++ b/kubernetes/esr/charts/esr-server/resources/config/logback.xml @@ -15,35 +15,38 @@ # limitations under the License. --> -<configuration scan="false" debug="true"> - <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> - <property name="p_lvl" value="%level"/> - <property name="p_log" value="%logger"/> - <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> - <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_thr" value="%thread"/> - <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - - <property name="logDir" value="/var/log/onap" /> - <property name="debugDir" value="/var/log/onap" /> - - <property name="componentName" value="esr"></property> - <property name="subComponentName" value="esr-server"></property> +<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}"> + + <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/> + <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/> + + <property name="logDir" value="{{ .Values.log.logDir }}" /> + <property name="queueSize" value="{{ .Values.log.queueSize }}"/> + + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> + <property name="p_lvl" value="%level"/> + <property name="p_log" value="%logger"/> + <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> + <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_thr" value="%thread"/> + <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> <property name="errorLogName" value="error" /> <property name="metricsLogName" value="metrics" /> <property name="auditLogName" value="audit" /> <property name="debugLogName" value="debug" /> - <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - + <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> + <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + + <!-- Console (human-readable) logging --> + <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/> <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> @@ -57,7 +60,7 @@ </appender> <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFAudit" /> </appender> @@ -73,7 +76,7 @@ </appender> <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFMetrics"/> </appender> @@ -93,16 +96,16 @@ </appender> <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFError"/> </appender> <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${debugLogDirectory}/${debugLogName}.log</file> + <file>${logDirectory}/${debugLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern> + <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern> </rollingPolicy> <encoder> <pattern>${debugPattern}</pattern> @@ -110,11 +113,17 @@ </appender> <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFDebug" /> <includeCallerData>true</includeCallerData> </appender> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${consolePattern}</pattern> + </encoder> + </appender> + <logger name="com.att.eelf.audit" level="info" additivity="false"> <appender-ref ref="asyncEELFAudit" /> </logger> @@ -127,9 +136,9 @@ <appender-ref ref="asyncEELFError" /> </logger> - <root level="INFO"> + <root level="{{ .Values.log.root.level }}"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> -</configuration> - +</configuration>
\ No newline at end of file diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index 6008f1f747..0177690e80 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/charts/esr-server/values.yaml @@ -64,6 +64,17 @@ service: ingress: enabled: false +log: + componentName: esr + subcomponentName: esr-server + debug: true + scan: + enabled: false + logDir: /var/log/onap + queueSize: 256 + root: + level: INFO + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml index b0cc27bd8d..8bfebf1679 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Samsung Electronics +{{/*# Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml index af0b2b975c..3781d96328 100644 --- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml index 49d5e64896..6dc4443d6e 100644 --- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml index bceefc500c..65ff43485a 100644 --- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml index 2cdbba77c0..b9fa617d94 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml @@ -73,6 +73,23 @@ mongo: mountSubPath: multicloud-k8s/mongo/data enabled: true disableNfsProvisioner: true + flavor: &storage_flavor large + resources: &storage_resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} #etcd chart overrides for k8splugin etcd: @@ -82,6 +99,8 @@ etcd: persistence: mountSubPath: multicloud-k8s/etcd/data enabled: true + flavor: *storage_flavor + resources: *storage_resources # No persistence right now as we rely on Mongo to handle that persistence: diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml index 76f3e8cbdc..bfcacb8013 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml @@ -40,6 +40,8 @@ spec: spec: containers: - env: + - name: MSB_PROTO + value: {{ .Values.config.msbprotocol }} - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT @@ -54,6 +56,8 @@ spec: value: "{{ .Values.config.aai.username }}" - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" + - name: SSL_ENABLED + value: "{{ .Values.config.ssl_enabled }}" name: {{ include "common.name" . }} volumeMounts: - mountPath: /var/log/onap diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml index ec79a1a847..50ced500d5 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml @@ -31,8 +31,10 @@ istioSidecar: true # application configuration config: + ssl_enabled: false + msbprotocol: https msbgateway: msb-iag - msbPort: 80 + msbPort: 443 aai: port: 8443 schemaVersion: v13 diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index d075291db2..0ff561c800 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - artifactImage: onap/multicloud/framework-artifactbroker:1.5.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 prometheus: enabled: false persistence: {} @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/framework:1.5.1 +image: onap/multicloud/framework:1.6.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index dc2f5dbb81..631cb7cba8 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Orange # Modifications Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2020 Nokia @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml index 0cd8cfbd36..06e66ebbf1 100644 --- a/kubernetes/nbi/templates/ingress.yaml +++ b/kubernetes/nbi/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/nbi/templates/secret.yaml b/kubernetes/nbi/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/nbi/templates/secret.yaml +++ b/kubernetes/nbi/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/nbi/templates/service.yaml b/kubernetes/nbi/templates/service.yaml index ccc1a13e71..4d5359ce0e 100644 --- a/kubernetes/nbi/templates/service.yaml +++ b/kubernetes/nbi/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 9385adea9a..9143c1feff 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -152,3 +154,11 @@ dependencies: version: ~6.x-0 repository: '@local' condition: modeling.enabled + - name: platform + version: ~6.x-0 + repository: '@local' + condition: platform.enabled + - name: a1policymanagement + version: ~6.x-0 + repository: '@local' + condition: a1policymanagement.enabled diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml index 08329d8b43..4a910987a9 100644 --- a/kubernetes/onap/resources/environments/public-cloud.yaml +++ b/kubernetes/onap/resources/environments/public-cloud.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -174,3 +175,10 @@ mariadb-galera: readiness: initialDelaySeconds: 120 +a1policymanagement: + liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + readiness: + initialDelaySeconds: 60 + periodSeconds: 10 diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 86f898d18c..1d0663ea65 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -79,3 +81,7 @@ vnfsdk: enabled: true modeling: enabled: true +platform: + enabled: true +a1policymanagement: + enabled: true
\ No newline at end of file diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml index da00f61e2f..9914e1496e 100644 --- a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml +++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml @@ -1,4 +1,5 @@ # Copyright © 2020 Nordix Foundation +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,7 +35,7 @@ ################################################################# global: cmpv2Enabled: true - aaf: + platform: certServiceClient: envVariables: # Certificate related diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 394c0b4f7e..3413c3840e 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -89,6 +91,11 @@ global: # flag to enable debugging - application support required debugEnabled: false + # default password complexity + # available options: phrase, name, pin, basic, short, medium, long, maximum security + # More datails: https://masterpassword.app/masterpassword-algorithm.pdf + passwordStrength: long + # configuration to set log level to all components (the one that are using # "common.log.level" to set this) # can be overrided per components by setting logConfiguration.logLevelOverride @@ -99,8 +106,8 @@ global: ingress: enabled: false virtualhost: - enabled: true - baseurl: "simpledemo.onap.org" + enabled: true + baseurl: "simpledemo.onap.org" # Global Service Mesh configuration # POC Mode, don't use it in production @@ -116,12 +123,12 @@ global: # Enabling CMPv2 cmpv2Enabled: true - aaf: + platform: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 secret: - name: aaf-cert-service-client-tls-secret - mountPath: /etc/onap/aaf/certservice/certs/ + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -131,11 +138,12 @@ global: cmpv2Country: "US" # Client configuration related caName: "RA" - requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" - keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" keystorePassword: "secret" - truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" # TLS @@ -149,13 +157,12 @@ global: # default centralizedLoggingEnabled: ¢ralizedLogging false - -# Example of specific for the components where you want to disable TLS only for -# it: -# if set this element will force or not tls even if global.serviceMesh.tls and -# global.tlsEnabled is set otherwise. -# robot: -# tlsOverride: false + # Example of specific for the components where you want to disable TLS only for + # it: + # if set this element will force or not tls even if global.serviceMesh.tls and + # global.tlsEnabled is set otherwise. + # robot: + # tlsOverride: false # Global storage configuration # Set to "-" for default, or with the name of the storage class @@ -302,3 +309,7 @@ vnfsdk: enabled: false modeling: enabled: false +platform: + enabled: false +a1policymanagement: + enabled: false diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index e27258aafc..8af301d7ae 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +12,39 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-has: - cd charts && helm dep up oof-has - cd charts && helm dep up oof-cmso +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props deleted file mode 100644 index b56c500ffd..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props +++ /dev/null @@ -1,22 +0,0 @@ - # ------------------------------------------------------------------------- - # Copyright (c) 2019 AT&T Intellectual Property - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # ------------------------------------------------------------------------- - # - -aaf_id=oof@oof.onap.org -aaf_password=demo123456! -cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile -cadi_truststore=/share/etc/certs//truststoreONAPall.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks Binary files differdeleted file mode 100644 index f1e01085f9..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks +++ /dev/null diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile deleted file mode 100644 index 78a6afba63..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR -BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29 -I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1 -6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs -x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm -cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc -bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h -5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO -O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK -0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM -poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN -7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At --j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop -FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI -c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB -TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT -mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL -atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f -9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL -DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA -FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi -zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT -LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d -9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH -OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4 -8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V -Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props deleted file mode 100644 index 7e154c4665..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props +++ /dev/null @@ -1,20 +0,0 @@ - # ------------------------------------------------------------------------- - # Copyright (c) 2019 AT&T Intellectual Property - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # ------------------------------------------------------------------------- - # - -cadi_latitude=0.00 -cadi_longitude=0.00 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props deleted file mode 100644 index c96e7f7b04..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props +++ /dev/null @@ -1,26 +0,0 @@ - # ------------------------------------------------------------------------- - # Copyright (c) 2019 AT&T Intellectual Property - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # ------------------------------------------------------------------------- - # - -aaf_id=oof@oof.onap.org -aaf_locate_url=https://aaf-locate:8095 -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_etc_dir=/share/etc/certs/ -cadi_latitude=0.00 -cadi_longitude=0.00 -cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks Binary files differdeleted file mode 100644 index ff844b109d..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks +++ /dev/null diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml deleted file mode 100644 index b1c3561538..0000000000 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: cmso-db-root-password - name: '{{ include "common.release" . }}-cmso-db-root-password' - type: password - password: '' - policy: generate - - uid: cmso-db-secret - name: '{{ include "common.release" . }}-cmso-db-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - passwordPolicy: generate - -mariadb-galera: - replicaCount: 1 - nameOverride: cmso-db - service: - type: ClusterIP - name: oof-cmso-dbhost - portName: cmso-dbhost - nfsprovisionerPrefix: cmso - sdnctlPrefix: cmso - persistence: - mountSubPath: cmso/data - enabled: true - disableNfsProvisioner: true - config: - mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - mysqlDatabase: cmso - externalConfig: | - [mysqld] - lower_case_table_names = 1 - -global: - commonConfigPrefix: "oof-cmso" - truststoreFile: "truststoreONAPall.jks" - keystoreFile: "org.onap.oof.jks" - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - keystorePassword: OA7*y0PEGTma?$be2z#0$:L] - truststorePassword: - authentication: aaf-auth - busyBoxImage: busybox:1.30 - busyBoxRepository: docker.io - -flavor: small - -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - db: - # userCredentialsExternalsecret: some secret - userName: cmso-admin - # userPassword: password - -oof-cmso-service: - config: - db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - host: oof-cmso-dbhost - container: cmso-db - mysqlDatabase: cmso - -oof-cmso-optimizer: - config: - db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - host: oof-cmso-dbhost - container: cmso-db - mysqlDatabase: optimizer diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt deleted file mode 100644 index 68f474b44f..0000000000 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt +++ /dev/null @@ -1,89 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow -XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 -REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR -UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ -IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB -HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ -LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH -hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib -AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB -Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze -81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw -ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv -bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw -Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv -b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw -aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v -cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt -cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU -FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 -/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My -7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X -koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L -mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 -GsHFjQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- - - diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key deleted file mode 100644 index a83edd1f86..0000000000 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ -ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ -CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 -MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK -GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH -KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g -uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q -MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V -SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 -XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY -Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 -0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe -FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 -XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd -8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD -Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx -Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF -nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh -iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 -ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h -MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ -2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w -9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY -vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY -ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC -h+G1ZXD4PyjI6KWhRC3JuA== ------END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile new file mode 100755 index 0000000000..2fc0cbe4ab --- /dev/null +++ b/kubernetes/oof/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-cmso/Chart.yaml b/kubernetes/oof/components/oof-cmso/Chart.yaml index a21ed25927..a21ed25927 100644 --- a/kubernetes/oof/charts/oof-cmso/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile new file mode 100644 index 0000000000..52df18adad --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile new file mode 100755 index 0000000000..35be2140e1 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/Chart.yaml index 7b55f08569..7b55f08569 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml new file mode 100644 index 0000000000..1d9792fa5f --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/cadi.properties index 871341d1fa..7904e8ff86 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/cadi.properties @@ -3,19 +3,19 @@ # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/liquibase.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/liquibase.properties index 32d77bb663..32d77bb663 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/liquibase.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/liquibase.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties index 32636f4b2e..98b7543756 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties @@ -59,5 +59,5 @@ aaf.enabled=true aaf.namespace=org.onap.oof cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/configmap.yaml index e4d0a5c256..e4d0a5c256 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/configmap.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml index 15ce71b716..fd131906a2 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,6 +49,20 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" @@ -64,17 +79,18 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -85,21 +101,26 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -117,6 +138,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -138,6 +160,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/secret.yaml index bd7eb8ea40..bd7eb8ea40 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/secret.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/service.yaml index d0b586acf7..d0b586acf7 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/service.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index 5de87f5be1..6b04cdb0d9 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,12 +25,12 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-optimizer:2.2.0 +image: onap/optf-cmso-optimizer:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.2.0 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false @@ -39,11 +40,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -88,11 +84,10 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret -# user: cmso-admin -# password: pass + user: cmso-admin + password: pass # userCredentialsExternalSecret: some-secret # host: host # container: container diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/Chart.yaml index 09150985db..09150985db 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml new file mode 100644 index 0000000000..1d9792fa5f --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cadi.properties index 871341d1fa..7904e8ff86 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cadi.properties @@ -3,19 +3,19 @@ # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties index 68b36886e0..6525a4ee9c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties @@ -108,5 +108,5 @@ aaf.enabled=true aaf.namespace=org.onap.oof cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/liquibase.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/liquibase.properties index 66dad37bd8..66dad37bd8 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/liquibase.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/liquibase.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/optimizer.properties index 1e4a8417c4..1e4a8417c4 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/optimizer.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/ticketmgt.properties index bdf483d289..bdf483d289 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/ticketmgt.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/configmap.yaml index e4d0a5c256..e4d0a5c256 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/configmap.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml index ff37e8f218..51613a82b7 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,6 +49,20 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" @@ -64,17 +79,18 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: # side car containers - name: filebeat-onap @@ -115,15 +131,20 @@ spec: - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -141,6 +162,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -162,6 +184,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/secret.yaml index bd7eb8ea40..bd7eb8ea40 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/secret.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/service.yaml index d0b586acf7..d0b586acf7 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/service.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index f8326272c6..4f4503be62 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018-2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,13 +25,13 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-service:2.2.0 -robotimage: onap/optf-cmso-robot:2.2.0 +image: onap/optf-cmso-service:2.3.0 +robotimage: onap/optf-cmso-robot:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.2.0 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false @@ -39,11 +40,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -88,11 +84,10 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret -# user: cmso-admin -# password: pass + user: cmso-admin + password: pass # userCredentialsExternalSecret: some-secret # host: host # container: container diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/Chart.yaml index 030b3f63d0..030b3f63d0 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml new file mode 100644 index 0000000000..1d9792fa5f --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/cadi.properties index 871341d1fa..7904e8ff86 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/cadi.properties @@ -3,19 +3,19 @@ # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/ticketmgt.properties index e8fb5b6b4f..c4c9d83dda 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/ticketmgt.properties @@ -1,27 +1,27 @@ #------------------------------------------------------------------------------- # Copyright 2017-2019 AT&T Intellectual Property. # Modifications Copyright 2018 IBM. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# +# +# # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the ??License?); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at -# +# # https://creativecommons.org/licenses/by/4.0/ -# +# # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -29,10 +29,10 @@ # limitations under the License. #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties aaf.enabled=true -aaf.namespace=org.onap.oof
\ No newline at end of file +aaf.namespace=org.onap.oof diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/configmap.yaml index e4d0a5c256..e4d0a5c256 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/configmap.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/deployment.yaml index fe2b1be8cf..8f8ca196b9 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/deployment.yaml @@ -41,21 +41,27 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: proprietary-auth + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -73,6 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -94,6 +101,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/service.yaml index d0b586acf7..d0b586acf7 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/service.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index 4920113b41..1c1ae7ab43 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-ticketmgt:2.2.0 +image: onap/optf-cmso-ticketmgt:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/Chart.yaml index 006d6c5a2c..006d6c5a2c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml new file mode 100644 index 0000000000..1d9792fa5f --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/cadi.properties index 871341d1fa..7904e8ff86 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/cadi.properties @@ -3,19 +3,19 @@ # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/topology.properties index e8fb5b6b4f..c4c9d83dda 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/topology.properties @@ -1,27 +1,27 @@ #------------------------------------------------------------------------------- # Copyright 2017-2019 AT&T Intellectual Property. # Modifications Copyright 2018 IBM. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# +# +# # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the ??License?); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at -# +# # https://creativecommons.org/licenses/by/4.0/ -# +# # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -29,10 +29,10 @@ # limitations under the License. #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties aaf.enabled=true -aaf.namespace=org.onap.oof
\ No newline at end of file +aaf.namespace=org.onap.oof diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/configmap.yaml index e4d0a5c256..e4d0a5c256 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/configmap.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/deployment.yaml index 679140a504..fc713cd59a 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/deployment.yaml @@ -41,21 +41,27 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -73,6 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -94,6 +101,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/service.yaml index d0b586acf7..d0b586acf7 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/service.yaml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index a8911aa910..9d5cec1014 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-topology:2.2.0 +image: onap/optf-cmso-topology:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/oof/components/oof-cmso/requirements.yaml index d95b2e76ae..57357a6faf 100644 --- a/kubernetes/oof/charts/oof-cmso/requirements.yaml +++ b/kubernetes/oof/components/oof-cmso/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,3 +23,22 @@ dependencies: - name: mariadb-galera version: ~6.x-0 repository: '@local' + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + - name: oof-cmso-optimizer + version: ~6.x-0 + repository: 'file://components/oof-cmso-optimizer' + condition: oof-cmso-optimizer.enabled + - name: oof-cmso-service + version: ~6.x-0 + repository: 'file://components/oof-cmso-service' + condition: oof-cmso-service.enabled + - name: oof-cmso-ticketmgt + version: ~6.x-0 + repository: 'file://components/oof-cmso-ticketmgt' + condition: oof-cmso-ticketmgt.enabled + - name: oof-cmso-topology + version: ~6.x-0 + repository: 'file://components/oof-cmso-topology' + condition: oof-cmso-topology.enabled diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties b/kubernetes/oof/components/oof-cmso/resources/certs/AAFUserRoles.properties index e7fc221a20..e7fc221a20 100644 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties +++ b/kubernetes/oof/components/oof-cmso/resources/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml b/kubernetes/oof/components/oof-cmso/resources/log/filebeat/filebeat.yml index 50586783e9..50586783e9 100644 --- a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml +++ b/kubernetes/oof/components/oof-cmso/resources/log/filebeat/filebeat.yml diff --git a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/templates/configmap.yaml index f4a79627f6..f4a79627f6 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/templates/configmap.yaml diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/templates/secret.yaml index 3dbdd31b1f..3dbdd31b1f 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/components/oof-cmso/templates/secret.yaml diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml new file mode 100644 index 0000000000..e83e2dec56 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -0,0 +1,153 @@ +# Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password' + type: password + password: '' + policy: generate + - uid: cmso-service-db-secret + name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.service.userName }}' + password: '{{ .Values.config.db.service.userPassword }}' + passwordPolicy: generate + - uid: cmso-db-secret + name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.optimizer.userName }}' + password: '{{ .Values.config.db.optimizer.userPassword }}' + passwordPolicy: generate + +mariadb-galera: + replicaCount: 1 + nameOverride: &containerName cmso-db + service: + type: ClusterIP + name: &serviceName oof-cmso-dbhost + portName: cmso-dbhost + nfsprovisionerPrefix: cmso + sdnctlPrefix: cmso + persistence: + mountSubPath: cmso/data + enabled: true + disableNfsProvisioner: true + config: + mariadbRootPasswordExternalSecret: *rootPassword + # userCredentialsExternalSecret: *dbCreds + # mysqlDatabase: cmso + externalConfig: | + [mysqld] + lower_case_table_names = 1 + +global: + commonConfigPrefix: "oof-cmso" + truststoreFile: "truststoreONAPall.jks" + keystoreFile: "org.onap.oof.jks" + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + truststorePassword: + authentication: aaf-auth + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io + +mariadb-init: + mariadbGalera: + containerName: *containerName + serviceName: *serviceName + servicePort: 3306 + userRootSecret: *rootPassword + config: + userCredentialsExternalSecret: *serviceDbCreds + mysqlDatabase: cmso + mysqlAdditionalDatabases: + optimizer: + externalSecret: *optimizerDbCreds + nameOverride: cmso-db-config + +flavor: small + +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + db: + service: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + optimizer: + userName: cmso-optimizer + +#sub-charts configuration +certInitializer: &certInitConfig + fqdn: "oof.onap" + app_ns: "org.osaaf.aaf" + fqi: "oof@oof.onap.org" + fqi_namespace: org.onap.oof + public_fqdn: "oof.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /share/etc/osaaf + aaf_add_config: > + cd {{ .Values.credsPath }}; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1; + find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \; + +oof-cmso-service: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-service-cert-initializer + config: + db: + userCredentialsExternalSecret: *serviceDbCreds + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: cmso + +oof-cmso-optimizer: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-optimizer-cert-initializer + config: + enabled: true + db: + userCredentialsExternalSecret: *optimizerDbCreds + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: optimizer + +oof-cmso-topology: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-topology-cert-initializer + +oof-cmso-ticketmgt: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-ticketmgt-cert-initializer diff --git a/kubernetes/oof/charts/oof-has/Chart.yaml b/kubernetes/oof/components/oof-has/Chart.yaml index 3d507e913d..3d507e913d 100755 --- a/kubernetes/oof/charts/oof-has/Chart.yaml +++ b/kubernetes/oof/components/oof-has/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile new file mode 100644 index 0000000000..52df18adad --- /dev/null +++ b/kubernetes/oof/components/oof-has/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile new file mode 100755 index 0000000000..35be2140e1 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml index 231021ddcd..231021ddcd 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml new file mode 100644 index 0000000000..1d9792fa5f --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/NOTES.txt b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt index 1ec56d38b3..1ec56d38b3 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index ce3148fe18..1538b47343 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -86,13 +86,14 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] + args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - containerPort: {{ .Values.uwsgi.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -143,18 +144,13 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf - - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: org.onap.oof.crt - - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: org.onap.oof.key resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -166,6 +162,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -181,9 +178,5 @@ spec: path: log.conf - key: AAF_RootCA.cer path: AAF_RootCA.cer - - key: org.onap.oof.key - path: org.onap.oof.key - - key: org.onap.oof.crt - path: org.onap.oof.crt imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml index 0cd8cfbd36..0cd8cfbd36 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml index 1e6486a96d..1e6486a96d 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/service.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index b9efec0b45..f19ecb61ee 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -15,6 +15,8 @@ global: # global defaults nodePortPrefix: 302 + image: + optf_has: onap/optf-has:2.1.1 service: type: NodePort @@ -65,6 +67,23 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +#sub-charts configuration +certInitializer: + nameOverride: oof-has-cert-initializer + fqdn: "oof.onap" + app_ns: "org.osaaf.aaf" + fqi: "oof@oof.onap.org" + fqi_namespace: org.onap.oof + public_fqdn: "oof.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /opt/bitnami/nginx/ssl + aaf_add_config: > + chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key; + ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml index 91310cb879..91310cb879 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml new file mode 100644 index 0000000000..1967814f63 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 506ff939e3..506ff939e3 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 0090742852..5fa0f2408e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -12,6 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + readinessImage: onap/oom/readiness:3.0.1 + repository: nexus3.onap.org:10001 + image: + optf_has: onap/optf-has:2.1.1 + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml index 23cc3ca73c..23cc3ca73c 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml new file mode 100644 index 0000000000..1967814f63 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index 2041dd2c9d..2041dd2c9d 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 0090742852..5fa0f2408e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -12,6 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + readinessImage: onap/oom/readiness:3.0.1 + repository: nexus3.onap.org:10001 + image: + optf_has: onap/optf-has:2.1.1 + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml index bc6db44850..bc6db44850 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml new file mode 100644 index 0000000000..1967814f63 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 10bba9f61e..10bba9f61e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 0090742852..5fa0f2408e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -12,6 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + readinessImage: onap/oom/readiness:3.0.1 + repository: nexus3.onap.org:10001 + image: + optf_has: onap/optf-has:2.1.1 + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml index 8cedfd5b01..8cedfd5b01 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml new file mode 100644 index 0000000000..1967814f63 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 55c9d362e4..55c9d362e4 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 0090742852..5fa0f2408e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -12,6 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + readinessImage: onap/oom/readiness:3.0.1 + repository: nexus3.onap.org:10001 + image: + optf_has: onap/optf-has:2.1.1 + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/components/oof-has/requirements.yaml b/kubernetes/oof/components/oof-has/requirements.yaml new file mode 100755 index 0000000000..b1e0e1a8ec --- /dev/null +++ b/kubernetes/oof/components/oof-has/requirements.yaml @@ -0,0 +1,42 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: music + version: ~6.x-0 + repository: '@local' + - name: oof-has-api + version: ~6.x-0 + repository: 'file://components/oof-has-api' + condition: oof-has-api.enabled + - name: oof-has-controller + version: ~6.x-0 + repository: 'file://components/oof-has-controller' + condition: oof-has-controller.enabled + - name: oof-has-data + version: ~6.x-0 + repository: 'file://components/oof-has-data' + condition: oof-has-data.enabled + - name: oof-has-reservation + version: ~6.x-0 + repository: 'file://components/oof-has-reservation' + condition: oof-has-reservation.enabled + - name: oof-has-solver + version: ~6.x-0 + repository: 'file://components/oof-has-solver' + condition: oof-has-solver.enabled diff --git a/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer index e9a50d7ea0..e9a50d7ea0 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer +++ b/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer diff --git a/kubernetes/oof/charts/oof-has/resources/config/aai_cert.cer b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer index 4c6eb916e6..4c6eb916e6 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/aai_cert.cer +++ b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer diff --git a/kubernetes/oof/charts/oof-has/resources/config/aai_key.key b/kubernetes/oof/components/oof-has/resources/config/aai_key.key index 246ff6d8cb..246ff6d8cb 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/aai_key.key +++ b/kubernetes/oof/components/oof-has/resources/config/aai_key.key diff --git a/kubernetes/oof/charts/oof-has/resources/config/bundle.pem b/kubernetes/oof/components/oof-has/resources/config/bundle.pem index 60121e751b..60121e751b 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/bundle.pem +++ b/kubernetes/oof/components/oof-has/resources/config/bundle.pem diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index 881ed22562..4c7228a301 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -327,6 +327,8 @@ concurrent = true # Minimum value: 1 #max_translation_counter = 1 +# (string value) +opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json [data] @@ -361,7 +363,7 @@ concurrent = true # # Extensions list to use (list value) -#extensions = aai +extensions = aai,generator [messaging_server] diff --git a/kubernetes/oof/charts/oof-has/resources/config/healthcheck.json b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json index 833fa0f5d9..833fa0f5d9 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/healthcheck.json +++ b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json diff --git a/kubernetes/oof/charts/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh index d78777ad1c..d78777ad1c 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/healthy.sh +++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf index c476d0b6c8..374d02abcd 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log.conf +++ b/kubernetes/oof/components/oof-has/resources/config/log.conf @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand [handler_consoleHandler] class=StreamHandler -level=NOTSET +level=INFO formatter=generic args=(sys.stdout,) diff --git a/kubernetes/oof/charts/oof-has/resources/config/log/filebeat.yml b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml index aa19dc2d22..aa19dc2d22 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log/filebeat.yml +++ b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index 7b5c3a504c..a6790164d8 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf @@ -13,8 +13,8 @@ http { listen 8091 ssl; server_name oof; - ssl_certificate /opt/bitnami/nginx/ssl/org.onap.oof.crt; - ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key; + ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt; + ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; diff --git a/kubernetes/oof/charts/oof-has/resources/config/onboard.json b/kubernetes/oof/components/oof-has/resources/config/onboard.json index 2c3d69be8d..2c3d69be8d 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/onboard.json +++ b/kubernetes/oof/components/oof-has/resources/config/onboard.json diff --git a/kubernetes/oof/charts/oof-has/templates/configmap.yaml b/kubernetes/oof/components/oof-has/templates/configmap.yaml index 39b69a6817..39b69a6817 100755 --- a/kubernetes/oof/charts/oof-has/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-has/templates/configmap.yaml diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml index c006eebf05..393a6bbf2e 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml +++ b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml @@ -76,7 +76,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthcheck.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml index 22cb5a17eb..a82435bccc 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml @@ -81,7 +81,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: onboard.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index a6f516c9b9..c7799cdc02 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -23,8 +23,10 @@ global: repository: nexus3.onap.org:10001 commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.0.4 + optf_has: onap/optf-has:2.1.1 filebeat: docker.elastic.co/beats/filebeat:5.5.0 + persistence: + enabled: true pullPolicy: Always nodePortPrefix: 302 @@ -64,3 +66,16 @@ resources: memory: 2Gi cpu: 1000m unlimited: {} + +#component overrides +oof-has-api: + enabled: true +oof-has-controller: + enabled: true +oof-has-data: + enabled: true +oof-has-reservation: + enabled: true +oof-has-solver: + enabled: true + diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml index ce567f9d3a..ebd2d8ffee 100755 --- a/kubernetes/oof/requirements.yaml +++ b/kubernetes/oof/requirements.yaml @@ -17,3 +17,14 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: oof-cmso + version: ~6.x-0 + repository: 'file://components/oof-cmso' + condition: oof-cmso.enabled + - name: oof-has + version: ~6.x-0 + repository: 'file://components/oof-has' + condition: oof-has.enabled diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml index 9515f30fc0..7e8fe5dc72 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/common_config.yaml @@ -5,7 +5,7 @@ osdf_system: external: 8698 # clients use this port on DockerHost osdf_ip_default: 0.0.0.0 # # Important Note: At deployment time, we need to ensure the port mapping is done - ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key'] + ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key'] osdf_temp: # special configuration required for "workarounds" or testing local_policies: @@ -40,12 +40,11 @@ osdf_temp: # special configuration required for "workarounds" or testing - vnfPolicy_vPGN_TD.json - affinity_vFW_TD.json - QueryPolicy_vFW_TD.json - - slice_selection_policy_dir_urllc_1: "./test/policy-local-files/" - slice_selection_policy_files_urllc_1: - - vnfPolicy_URLLC_Core_1.json - - thresholdPolicy_URLLC_Core_1.json - - subscriber_policy_URLLC_1.json + slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/" + slice_selection_policy_files_embb-nst: + - query_policy_nsi.json + - threshold_policy_nsi.json + - vnf_policy_nsi_shared_case.json service_info: vCPE: @@ -65,6 +64,12 @@ references: subscriber_role: source: onap.policies.optimization.SubscriberPolicy value: properties.properties.subscriberRole + resource_sharing_level: + source: request + value: serviceProfile.resourceSharingLevel + reuse_preference: + source: request + value: preferReuse policy_info: prioritization_attributes: @@ -81,10 +86,19 @@ policy_info: policy_scope: - scope: - - OSDF_FRANKFURT + - get_param: resource_sharing_level + - get_param: reuse_preference services: - get_param: service_name + subnet_selection: + policy_fetch: by_scope + policy_scope: + - scope: + - OSDF_GUILIN + services: + - get_param: service_name + placement: policy_fetch: by_scope policy_scope: @@ -103,3 +117,13 @@ policy_info: default: # if no explicit service related information is needed policy_fetch: by_name policy_scope: none + +PCI: + ML: + average_ho_threshold: 10000 + latest_ho_threshold: 500 + DES: + service_id: ho_metric + filter: + interval: 10 + ml_enabled: false diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/log.yml new file mode 100644 index 0000000000..3966ea28c0 --- /dev/null +++ b/kubernetes/oof/resources/config/log.yml @@ -0,0 +1,101 @@ +version: 1 +disable_existing_loggers: True + +loggers: + error: + handlers: [error_handler, console_handler] + level: "WARN" + propagate: True + debug: + handlers: [debug_handler, console_handler] + level: "DEBUG" + propagate: True + metrics: + handlers: [metrics_handler, console_handler] + level: "INFO" + propagate: True + audit: + handlers: [audit_handler, console_handler] + level: "INFO" + propagate: True +handlers: + debug_handler: + level: "DEBUG" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/debug.log" + formatter: "debugFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + error_handler: + level: "WARN" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/error.log" + formatter: "errorFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + metrics_handler: + level: "INFO" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/metrics.log" + formatter: "metricsFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + audit_handler: + level: "INFO" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/audit.log" + formatter: "auditFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "metricsFormat" + +formatters: + standard: + format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" + debugFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + errorFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\ + |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + auditFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ + |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\ + |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ + |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + metricsFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ + |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\ + |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ + |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + mdcFormat: + format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s" + mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt deleted file mode 100644 index 68f474b44f..0000000000 --- a/kubernetes/oof/resources/config/org.onap.oof.crt +++ /dev/null @@ -1,89 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow -XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 -REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR -UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ -IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB -HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ -LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH -hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib -AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB -Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze -81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw -ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv -bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw -Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv -b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw -aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v -cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt -cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU -FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 -/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My -7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X -koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L -mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 -GsHFjQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- - - diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key deleted file mode 100644 index a83edd1f86..0000000000 --- a/kubernetes/oof/resources/config/org.onap.oof.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ -ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ -CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 -MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK -GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH -KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g -uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q -MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V -SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 -XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY -Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 -0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe -FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 -XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd -8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD -Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx -Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF -nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh -iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 -ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h -MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ -2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w -9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY -vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY -ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC -h+G1ZXD4PyjI6KWhRC3JuA== ------END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index b544c42e7a..5c9aa2bb64 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml @@ -48,5 +48,20 @@ configDbUrl: {{ .Values.config.configDbUrl }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} +# AAI api +aaiUrl: {{ .Values.config.aaiUrl }} +aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }} +aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }} +aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }} +controllerQueryUrl: {{ .Values.config.controllerQueryUrl }} +aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }} + +#DES api +desUrl: {{ .Values.config.desUrl }} +desApiPath: {{ .Values.config.desApiPath }} +desHeaders: + Accept: application/json + Content-Type: application/json + #key appkey: '' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 750c3d1e04..76d1a62604 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -67,7 +68,7 @@ spec: image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-osdf-sms-readiness - +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -90,6 +91,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -99,15 +101,12 @@ spec: - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer name: {{ include "common.fullname" . }}-config subPath: aaf_root_ca.cer - - mountPath: /opt/app/ssl_cert/org.onap.oof.crt - name: {{ include "common.fullname" . }}-config - subPath: org.onap.oof.crt - - mountPath: /opt/app/ssl_cert/org.onap.oof.key - name: {{ include "common.fullname" . }}-config - subPath: org.onap.oof.key - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml + - mountPath: /opt/osdf/config/log.yml + name: {{ include "common.fullname" . }}-config + subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -120,6 +119,7 @@ spec: {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -133,9 +133,7 @@ spec: path: aaf_root_ca.cer - key: common_config.yaml path: common_config.yaml - - key: org.onap.oof.crt - path: org.onap.oof.crt - - key: org.onap.oof.key - path: org.onap.oof.key + - key: log.yml + path: log.yml imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index e7660ada01..0dc035494b 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:2.0.4 +image: onap/optf-osdf:3.0.0 pullPolicy: Always # flag to enable debugging - application support required @@ -78,12 +78,41 @@ config: configDbUrl: http://config.db.url:8080 configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' + #aai api + aaiUrl: https://aai:8443 + aaiGetLinksUrl: /aai/v16/network/logical-links + aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/ + aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list + controllerQueryUrl: /aai/v19/query?format=resource + aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up + #des api + desUrl: https://des.url:9000 + desApiPath: /datalake/v1/exposure/ + # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # Resource Limit flavor -By Default using small flavor: small + +#sub-charts configuration +certInitializer: + nameOverride: oof-osdf-cert-initializer + fqdn: "oof.onap" + app_ns: "org.osaaf.aaf" + fqi: "oof@oof.onap.org" + fqi_namespace: org.onap.oof + public_fqdn: "oof.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /opt/osdf/osaaf + aaf_add_config: > + chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key; + # Segregation for Different environment (Small and Large) resources: small: @@ -125,3 +154,10 @@ ingress: port: 8698 config: ssl: "redirect" + +#component overrides + +oof-cmso: + enabled: true +oof-has: + enabled: true diff --git a/kubernetes/platform/.gitignore b/kubernetes/platform/.gitignore new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/kubernetes/platform/.gitignore diff --git a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore b/kubernetes/platform/.helmignore index f0c1319444..c13e3c8fbb 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore +++ b/kubernetes/platform/.helmignore @@ -18,4 +18,4 @@ # Various IDEs .project .idea/ -*.tmproj +*.tmproj
\ No newline at end of file diff --git a/kubernetes/portal/components/portal-zookeeper/Chart.yaml b/kubernetes/platform/Chart.yaml index 8a81b5763f..000f3b3fda 100644 --- a/kubernetes/portal/components/portal-zookeeper/Chart.yaml +++ b/kubernetes/platform/Chart.yaml @@ -1,5 +1,6 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2018 ZTE +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +15,6 @@ # limitations under the License. apiVersion: v1 -description: Zookeeper for ONAP Portal -name: portal-zookeeper +description: ONAP platform components +name: platform version: 6.0.0 diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile new file mode 100644 index 0000000000..d3fa8b70d1 --- /dev/null +++ b/kubernetes/platform/Makefile @@ -0,0 +1,55 @@ +# Copyright © 2020 Samsung Electronics, Orange, Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile new file mode 100644 index 0000000000..cf69fa68be --- /dev/null +++ b/kubernetes/platform/components/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# Modifications Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore index f0c1319444..50af031725 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore +++ b/kubernetes/platform/components/oom-cert-service/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +.vscode/ diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/platform/components/oom-cert-service/Chart.yaml index 525b2ac4b6..dd99988868 100644 --- a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml +++ b/kubernetes/platform/components/oom-cert-service/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP AAF Cert Service -name: aaf-cert-service -version: 6.0.0 +description: ONAP Cert Service +name: oom-cert-service +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile new file mode 100644 index 0000000000..c4723dfdd1 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -0,0 +1,148 @@ +CERTS_DIR = resources +CURRENT_DIR := ${CURDIR} +DOCKER_CONTAINER = generate-certs +DOCKER_EXEC = docker exec ${DOCKER_CONTAINER} + +all: start_docker \ + clear_all \ + root_generate_keys \ + root_create_certificate \ + root_self_sign_certificate \ + client_generate_keys \ + client_generate_csr \ + client_sign_certificate_by_root \ + client_import_root_certificate \ + client_convert_certificate_to_jks \ + server_generate_keys \ + server_generate_csr \ + server_sign_certificate_by_root \ + server_import_root_certificate \ + server_convert_certificate_to_jks \ + server_convert_certificate_to_p12 \ + clear_unused_files \ + stop_docker + +.PHONY: all + +# Starts docker container for generating certificates - deletes first, if already running +start_docker: + @make stop_docker + docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + +# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted +stop_docker: + docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true + +#Clear all files related to certificates +clear_all: + @make clear_existing_certificates + @make clear_unused_files + +#Clear certificates +clear_existing_certificates: + @echo "Clear certificates" + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + @echo "#####done#####" + +#Generate root private and public keys +root_generate_keys: + @echo "Generate root private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "#####done#####" + +#Export public key as certificate +root_create_certificate: + @echo "(Export public key as certificate)" + ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "#####done#####" + +#Self-signed root (import root certificate into truststore) +root_self_sign_certificate: + @echo "(Self-signed root (import root certificate into truststore))" + ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "#####done#####" + +#Generate certService's client private and public keys +client_generate_keys: + @echo "Generate certService's client private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "####done####" + +#Generate certificate signing request for certService's client +client_generate_csr: + @echo "Generate certificate signing request for certService's client" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr + @echo "####done####" + +#Sign certService's client certificate by root CA +client_sign_certificate_by_root: + @echo "Sign certService's client certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "####done####" + +#Import root certificate into client +client_import_root_certificate: + @echo "Import root certificate into intermediate" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService's client +client_convert_certificate_to_jks: + @echo "Import signed certificate into certService's client" + ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "####done####" + +#Generate certService private and public keys +server_generate_keys: + @echo "Generate certService private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "####done####" + +#Generate certificate signing request for certService +server_generate_csr: + @echo "Generate certificate signing request for certService" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr + @echo "####done####" + +#Sign certService certificate by root CA +server_sign_certificate_by_root: + @echo "Sign certService certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" + @echo "####done####" + +#Import root certificate into server +server_import_root_certificate: + @echo "Import root certificate into intermediate(server)" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService +server_convert_certificate_to_jks: + @echo "Import signed certificate into certService" + ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ + -storepass secret -noprompt + @echo "####done####" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +server_convert_certificate_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ + -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Clear unused certificates +clear_unused_files: + @echo "Clear unused certificates" + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "#####done#####" diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/platform/components/oom-cert-service/requirements.yaml index 6afaa06e8a..6afaa06e8a 100644 --- a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml +++ b/kubernetes/platform/components/oom-cert-service/requirements.yaml diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json index 358f2a82c7..358f2a82c7 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json index 06e1087f60..06e1087f60 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index 666e83c5f8..a6ce2825ec 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} apiVersion: apps/v1 diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml index ac92f56487..280922a014 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.secretFast" . }} @@ -31,7 +31,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} + name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} type: Opaque data: certServiceClient-keystore.jks: diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml index 60e2afa41d..5ae6b36dad 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.service" . }} {{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 9345edf9c3..3ab9895037 100644 --- a/kubernetes/aaf/components/aaf-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation, Orange +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -46,7 +47,7 @@ service: # Deployment configuration repository: nexus3.onap.org:10001 -image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 pullPolicy: Always replicaCount: 1 @@ -81,21 +82,21 @@ resources: # Application configuration cmpServers: secret: - name: aaf-cert-service-secret + name: oom-cert-service-secret volume: - name: aaf-cert-service-volume - mountPath: /etc/onap/aaf/certservice + name: oom-cert-service-volume + mountPath: /etc/onap/oom/certservice tls: server: secret: - name: aaf-cert-service-server-tls-secret + name: oom-cert-service-server-tls-secret volume: - name: aaf-cert-service-server-tls-volume - mountPath: /etc/onap/aaf/certservice/certs/ + name: oom-cert-service-server-tls-volume + mountPath: /etc/onap/oom/certservice/certs/ client: secret: - defaultName: aaf-cert-service-client-tls-secret + defaultName: oom-cert-service-client-tls-secret envs: keystore: @@ -116,9 +117,10 @@ credentials: #truststorePasswordExternalSecret: # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled cmp: - #clientIakExternalSecret: + # Used only if cmpv2 testing is enabled + clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak' #clientRvExternalSecret: - #raIakExternalSecret: + raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak' #raRvExternalSecret: client: {} # iak: mypassword diff --git a/kubernetes/clamp/charts/clamp-backend/requirements.yaml b/kubernetes/platform/requirements.yaml index d3c442d32e..648197898d 100644 --- a/kubernetes/clamp/charts/clamp-backend/requirements.yaml +++ b/kubernetes/platform/requirements.yaml @@ -1,5 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,9 +16,6 @@ # limitations under the License. dependencies: - - name: common + - name: oom-cert-service version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' + repository: 'file://components/oom-cert-service'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/platform/values.yaml index ec5dc98893..687fb6151e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/platform/values.yaml @@ -1,4 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,27 +17,44 @@ ################################################################# # Global configuration defaults. ################################################################# + global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + # Use Local + #pullPolicy: IfNotPresent + #repository: "nexus3.onap.org:10003" + + cmpv2Enabled: true + addTestingComponents: false + + certService: + certServiceClient: + secret: + name: oom-cert-service-client-tls-secret ################################################################# # Application configuration defaults. ################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-tosca-app:1.3.3 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m - cassandraSslEnabled: "false" +flavor: small # default number of instances replicaCount: 1 @@ -45,45 +64,16 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 350 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: false + enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 150 periodSeconds: 10 -service: - type: ClusterIP - name: sdc-dcae-tosca-lab - portName: sdc-dcae-tosca-lab-8085 - externalPort: 8085 - internalPort: 8085 - portName2: sdc-dcae-tosca-lab-8445 - externalPort2: 8445 - internalPort2: 8445 +persistence: {} -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} +resources: {} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 79fed0c79c..e149aa596a 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -52,7 +52,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.4.0 +image: onap/policy-apex-pdp:2.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index 8db1f5a99f..cdc477c3e1 100755 --- a/kubernetes/policy/components/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -35,7 +35,7 @@ "persistenceUnit": "PolicyMariaDb" }, "preloadPolicyTypes": [ - "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", + "policytypes/onap.policies.monitoring.tcagen2.yaml", "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", "policytypes/onap.policies.Optimization.yaml", "policytypes/onap.policies.optimization.Resource.yaml", @@ -53,9 +53,10 @@ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", + "policytypes/onap.policies.controlloop.guard.common.Filter.yaml", "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", - "policytypes/onap.policies.controlloop.Operational.yaml", "policytypes/onap.policies.Naming.yaml", + "policytypes/onap.policies.Match.yaml", "policytypes/onap.policies.native.Drools.yaml", "policytypes/onap.policies.native.Xacml.yaml", "policytypes/onap.policies.native.Apex.yaml", diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index f4360063be..5774344fd3 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -64,7 +64,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index e6f68cba99..a94031ac95 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -84,7 +84,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.0 +image: onap/policy-api:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index add085f94d..414d617f77 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -76,7 +76,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index e437de06aa..9d20941773 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -70,7 +70,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.4.0 +image: onap/policy-distribution:2.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 184ae9aee7..a0f5ceb777 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -57,6 +57,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP POLICY_PDP_PAP_GROUP=defaultGroup +POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools # Symmetric Key for encoded sensitive data diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index bb2b90c1a7..17efdbc44e 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -16,7 +16,10 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +{{- if not .Values.global.aafEnabled }} KEYSTORE_PASSWD={{.Values.keystore.password}} +{{- end }} + TRUSTSTORE_PASSWD={{.Values.truststore.password}} TELEMETRY_USER={{.Values.telemetry.user}} diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml index 7fb84b5ddc..29f2ef2215 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index eb1ef4203a..1498d273b2 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -74,6 +74,7 @@ spec: command: ["bash","-c"] args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] ports: - containerPort: {{ .Values.service.externalPort }} @@ -94,9 +95,9 @@ spec: - name: REPLICAS value: "{{ .Values.replicaCount }}" - name: SQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 8a8e3c23a4..5e8c8be179 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -39,7 +39,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.7.0 +image: onap/policy-pdpd-cl:1.7.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 57812d4add..f07ed4a7ba 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -78,7 +78,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 34e322ce76..008fefd1a9 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -98,7 +98,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.3.0 +image: onap/policy-pap:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index fe8c74d4cc..40f0fab1b5 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -86,7 +86,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] @@ -120,8 +119,6 @@ spec: readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed - emptyDir: - medium: Memory resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index e7984fb9cc..81196e1236 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -89,7 +89,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.3.0 +image: onap/policy-xacml-pdp:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index aea18a604e..463877b96a 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -65,6 +65,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + resources: +{{ include "common.resources" . }} restartPolicy: Never volumes: - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index b337383485..714f9d928c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -69,7 +69,7 @@ policy-distribution: enabled: true db: *dbSecretsHook policy-nexus: - enabled: true + enabled: false ################################################################# # DB configuration defaults. @@ -122,3 +122,23 @@ mariadb-galera: [mysqld] lower_case_table_names = 1 +# Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml b/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml index bfca544fe0..f84d1bbbb0 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml +++ b/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml @@ -163,6 +163,7 @@ <root> <appender-ref ref="asyncEELF" /> + <appender-ref ref="STDOUT" /> <!-- <appender-ref ref="asyncEELFDebug" /> --> </root> diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile index 8af301d7ae..248fb056ab 100644 --- a/kubernetes/portal/Makefile +++ b/kubernetes/portal/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile index 2fc0cbe4ab..02371366f6 100644 --- a/kubernetes/portal/components/Makefile +++ b/kubernetes/portal/components/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties new file mode 100644 index 0000000000..368cbe75b8 --- /dev/null +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties @@ -0,0 +1,2 @@ +# Encrypted Properties +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml index 99fe917de5..ece708914e 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml @@ -40,6 +40,8 @@ <!-- specify the component name -->
<property name="componentName" value="onapportal"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="Portal"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
@@ -67,7 +69,7 @@ value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="errorLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern"
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
@@ -274,15 +276,15 @@ <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
@@ -292,6 +294,7 @@ <root level="INFO">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties index 6981fb05bc..e0724c6d06 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties @@ -27,8 +27,7 @@ music.serialize.compress = true #By default it's eventual music.atomic.get = false -music.atomic.put = true +music.atomic.put = false cassandra.host={{.Values.cassandra.service.name}} -zookeeper.host={{.Values.zookeeper.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 6964715ef1..0be1fdc91f 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -49,6 +49,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportal-scrubbed + - mountPath: /config + name: properties-onapportal {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -103,6 +120,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportal @@ -114,6 +134,8 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" subPath: web.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/temp" - name: var-log-onap mountPath: /var/log/onap resources: @@ -122,7 +144,7 @@ spec: nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} - {{- if .Values.affinity }} +{{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} @@ -143,6 +165,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportal + emptyDir: + medium: Memory + - name: properties-onapportal-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index bf02948a7a..55a7ccca38 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -23,9 +23,27 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -35,6 +53,11 @@ repository: nexus3.onap.org:10001 image: onap/portal-app:3.2.3 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==! + #AAF local config aafURL: https://aaf-service:8100/authz/ @@ -104,11 +127,9 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 -zookeeper: - service: - name: portal-zookeeper messageRouter: service: name: message-router diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 5b4bf0c0e7..16b8971339 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -64,9 +64,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: CASSUSER - value: "{{ .Values.config.cassandraUsername }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}} - name: CASSPASS - value: "{{ .Values.config.cassandraPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}} - name: JVM_OPTS value: "{{ .Values.config.cassandraJvmOpts }}" - name: POD_IP diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index 65fcdbe84a..eb6fc12274 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -26,10 +26,21 @@ repository: nexus3.onap.org:10001 image: onap/music/cassandra_music:3.0.0 pullPolicy: Always +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + # application configuration config: cassandraUsername: root cassandraPassword: Aa123456 +# cassandraCredsExternalSecret: some secret cassandraJvmOpts: -Xmx2536m -Xms2536m # default number of instances diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql index 7502e9322a..1e2806759f 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -23,7 +23,7 @@ while the OOM K8s version has these service split up. */ -- app_url is the FE, app_rest_endpoint is the BE --portal-sdk => TODO: doesn't open a node port yet -update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; +update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; --dmaap-bc => the dmaap-bc doesn't open a node port.. update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; --sdc-be => 8443:30204 @@ -74,6 +74,9 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS -- aai sparky update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7; +-- Disabled Policy APP +UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy'; + /* Replace spaces with underscores for role names to match AAF role names diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml index e8a6e0fb12..b05b9208cc 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml @@ -72,7 +72,9 @@ spec: value: "{{ .Values.service.internalPort }}" - name: DB_PASS valueFrom: - secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password} + secretKeyRef: + name: {{ include "common.fullname" . }} + key: db-root-password command: - /bin/sh - -x diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties new file mode 100644 index 0000000000..0025a58e46 --- /dev/null +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties @@ -0,0 +1,40 @@ +### +# ============LICENSE_START========================================== +# ONAP Portal SDK +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# +### + +# Properties read by the ECOMP Framework library (epsdk-fw) +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml index 85e1eed648..e1fee17381 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml @@ -41,6 +41,8 @@ <!--<jmxConfigurator /> -->
<!-- specify the component name -->
<property name="componentName" value="onapsdk"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="PortalSDK"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
<!-- The directories where logs are written -->
@@ -60,7 +62,7 @@ <!-- 1610 Logging Fields Format Revisions -->
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
<!-- use %class so library logging calls yield their class name -->
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />
@@ -204,19 +206,20 @@ <logger name="org.onap.eelf" level="info" additivity="false">
<appender-ref ref="asyncEELF" />
</logger>
- <logger name="org.onap.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<logger name="org.onap.eelf.debug" level="debug" additivity="false">
<appender-ref ref="asyncEELFDebug" />
</logger>
- <logger name="org.onap.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<root level="DEBUG">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties index 8881cc2f2d..a4c0acc9d0 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties @@ -27,9 +27,8 @@ music.serialize.compress = true #By default it's eventual music.atomic.get = false -music.atomic.put = true +music.atomic.put = false cassandra.host={{.Values.cassandra.service.name}} -zookeeper.host={{.Values.zookeeper.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index 104c2df34a..f79098fade 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -49,6 +49,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portalsdk-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportalsdk-scrubbed + - mountPath: /config + name: properties-onapportalsdk {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -100,6 +117,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportalsdk + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportalsdk @@ -135,6 +155,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportalsdk + emptyDir: + medium: Memory + - name: properties-onapportalsdk-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportalsdk defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index e36ae32abb..c0f1b58c9a 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -24,9 +24,27 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + envsubstImage: dibi/envsubst #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -36,6 +54,12 @@ repository: nexus3.onap.org:10001 image: onap/portal-sdk:3.2.0 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o== + + #AAF local config aafURL: https://aaf-service:8100/authz/ certInitializer: @@ -98,11 +122,9 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 -zookeeper: - service: - name: portal-zookeeper messageRouter: service: name: message-router diff --git a/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt b/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt deleted file mode 100644 index ee7a285cc0..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml b/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml deleted file mode 100644 index fbde3c32e1..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/components/portal-zookeeper/templates/service.yaml b/kubernetes/portal/components/portal-zookeeper/templates/service.yaml deleted file mode 100644 index aca4b063b8..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/templates/service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/portal/components/portal-zookeeper/values.yaml b/kubernetes/portal/components/portal-zookeeper/values.yaml deleted file mode 100644 index 6037d246cf..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/values.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for mariadb. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: # global defaults - nodePortPrefix: 302 - persistence: {} - - -# application image -repository: nexus3.onap.org:10001 -image: zookeeper:3.4 -pullPolicy: Always - - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: portal-zookeeper - portName: portal-zk - externalPort: 2181 - internalPort: 2181 - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 100m - memory: 200Mi - requests: - cpu: 1m - memory: 80Mi - large: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 500m - memory: 600Mi - unlimited: {} diff --git a/kubernetes/portal/requirements.yaml b/kubernetes/portal/requirements.yaml index f89bbd6a2b..969a326ba5 100644 --- a/kubernetes/portal/requirements.yaml +++ b/kubernetes/portal/requirements.yaml @@ -32,6 +32,3 @@ dependencies: - name: portal-widget version: ~6.x-0 repository: 'file://components/portal-widget' - - name: portal-zookeeper - version: ~6.x-0 - repository: 'file://components/portal-zookeeper' diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index 1015c86654..2a760cdd98 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -21,9 +21,25 @@ global: portalFEPort: "30225" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: portal-cass + name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + config: logstashServiceName: log-ls logstashPort: 5044 + cassandraUsername: root +# cassandraPassword: Aa123456 +# casandraCredsExternalSecret: some secret + portal-mariadb: nameOverride: portal-db mariadb: @@ -36,13 +52,17 @@ cassandra: service: name: portal-cassandra config: - cassandraUsername: root - cassandraPassword: Aa123456 -zookeeper: - service: - name: portal-zookeeper + cassandraExternalSecret: *dbSecretName +portal-app: + cassandra: + config: + cassandraExternalSecret: *dbSecretName +portal-sdk: + cassandra: + config: + cassandraExternalSecret: *dbSecretName messageRouter: service: name: message-router ingress: - enabled: false
\ No newline at end of file + enabled: false diff --git a/kubernetes/robot b/kubernetes/robot -Subproject b093c77b4faa2c4f0bfc67e481f724b6d67c722 +Subproject 0611262fbb68714cfdb922f13ffb009b58a43f7 diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile new file mode 100644 index 0000000000..3dab31fad0 --- /dev/null +++ b/kubernetes/sdc/Makefile @@ -0,0 +1,57 @@ +# Copyright © 2020 Samsung Electronics, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +HELM_VER := $(shell helm version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml deleted file mode 100644 index ca6e48d03d..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SDC DCAE Backend client of TOSCALAB and SDC -name: sdc-dcae-be -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml deleted file mode 100644 index 8d1e5cd4ea..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml +++ /dev/null @@ -1,205 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?>
-<!--
-================================================================================
-Copyright (C) 2018 AT&T Intellectual Property
-================================================================================
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-================================================================================
--->
-
-<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="dcae-be"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/dcae-be/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- All log -->
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">
- <file>${logDirectory}/${allLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
- </appender>
- </then>
- </if>
- <!-- Error log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">
- <file>${logDirectory}/${errorLogName}.log</file>
- <!-- Audit messages filter - deny audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- Transaction messages filter - deny Transaction messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Debug log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
- <file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- accept DEBUG and TRACE level -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>
- </evaluator>
- <OnMismatch>DENY</OnMismatch>
- <OnMatch>NEUTRAL</OnMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Audit log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">
- <file>${logDirectory}/${auditLogName}.log</file>
- <!-- Audit messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- SdncTransaction log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">
- <file>${logDirectory}/${transactionLogName}.log</file>
- <!-- Transaction messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Asynchronicity Configurations -->
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
- </appender>
- <root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender-ref ref="ALL_ROLLING" />
- </then>
- </if>
- </root>
- <logger level="INFO" name="org.openecomp.sdc" />
-</configuration>
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt deleted file mode 100644 index 41f9706fec..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml deleted file mode 100644 index 5c6af2085a..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml deleted file mode 100644 index a8e9403ef4..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ /dev/null @@ -1,187 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - "sdc-be" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-job-completion - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-be-config-backend - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /config-input/ - - name: sdc-environments-output - mountPath: /config-output/ - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort2 }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /dcae/conf/composition - port: {{ .Values.service.internalPort2 }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/lib/jetty/logs - - name: {{ include "common.fullname" . }}-logback - mountPath: /tmp/logback.xml - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logback - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml deleted file mode 100644 index 5be29eee97..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-tools - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - backoffLimit: 20 - template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - spec: - restartPolicy: Never - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --container-name - - {{ include "common.name" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }}-job - image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /var/lib/jetty/chef-solo/environments - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumes: - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - restartPolicy: Never diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml deleted file mode 100644 index 71edaf5734..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc-dcae-be", - "version": "v1", - "url": "/dcae", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange": "1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml deleted file mode 100644 index ece8ed5426..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.4 -pullPolicy: Always -backendInitImage: onap/dcae-tools:1.3.4 - -# flag to enable debugging - application support required -debugEnabled: false - -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml - cassandraSslEnabled: "false" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 240 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 240 - periodSeconds: 10 - -service: - type: ClusterIP - name: sdc-dcae-be - portName: sdc-dcae-be-8082 - externalPort: 8082 - internalPort: 8082 - portName2: sdc-dcae-be-8444 - externalPort2: 8444 - internalPort2: 8444 - -ingress: - enabled: false - service: - - baseaddr: "sdc.dcae.plugin" - name: "sdc-dcae-be" - port: 8282 - config: - ssl: "none" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml deleted file mode 100644 index ae38135e2e..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP DCAE desiner composition tool for creating customized templates -name: sdc-dcae-dt -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml deleted file mode 100644 index 89fd30159c..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml +++ /dev/null @@ -1,205 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?>
-<!--
-================================================================================
-Copyright (C) 2018 AT&T Intellectual Property
-================================================================================
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-================================================================================
--->
-
-<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="dcae-dt"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/dcae-dt/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- All log -->
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">
- <file>${logDirectory}/${allLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
- </appender>
- </then>
- </if>
- <!-- Error log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">
- <file>${logDirectory}/${errorLogName}.log</file>
- <!-- Audit messages filter - deny audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- Transaction messages filter - deny Transaction messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Debug log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
- <file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- accept DEBUG and TRACE level -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>
- </evaluator>
- <OnMismatch>DENY</OnMismatch>
- <OnMatch>NEUTRAL</OnMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Audit log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">
- <file>${logDirectory}/${auditLogName}.log</file>
- <!-- Audit messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- SdncTransaction log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">
- <file>${logDirectory}/${transactionLogName}.log</file>
- <!-- Transaction messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Asynchronicity Configurations -->
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
- </appender>
- <root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender-ref ref="ALL_ROLLING" />
- </then>
- </if>
- </root>
- <logger level="INFO" name="org.openecomp.sdc" />
-</configuration>
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt deleted file mode 100644 index 0063bb6c80..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml deleted file mode 100644 index 257803fd91..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml deleted file mode 100644 index e3f1b5da1e..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - sdc-dcae-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-job-completion - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-dcae-be-tools - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /config-input/ - - name: sdc-environments-output - mountPath: /config-output/ - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /dcae/healthCheckOld - port: {{ .Values.service.internalPort }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/lib/jetty/logs - - name: {{ include "common.fullname" . }}-logback - mountPath: /tmp/logback.xml - subPath: logback.xml - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logback - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml deleted file mode 100644 index 88445c1d56..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc-dcae-dt", - "version": "v1", - "url": "/dcae", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange": "0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml deleted file mode 100644 index 96ba894fbf..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.3.4 -pullPolicy: IfNotPresent -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - enabled: false - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: sdc-dcae-dt - portName: dcae-dt - nodePort: "66" - internalPort: 9446 - -ingress: - enabled: false - service: - - baseaddr: "dcaedt" - name: "sdc-dcae-dt" - port: 9446 - config: - ssl: "redirect" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml deleted file mode 100644 index 7eb7782cac..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2013 Amdocs, AT&T,Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SDC DCAE UI for service monitoring and MC create and configure -name: sdc-dcae-fe -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml deleted file mode 100644 index 8dbf347dc7..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml +++ /dev/null @@ -1,204 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?>
-<!--
-================================================================================
-Copyright (C) 2018 AT&T Intellectual Property
-================================================================================
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-================================================================================
--->
-<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="dcae-fe"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/dcae-fe/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- All log -->
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">
- <file>${logDirectory}/${allLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
- </appender>
- </then>
- </if>
- <!-- Error log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">
- <file>${logDirectory}/${errorLogName}.log</file>
- <!-- Audit messages filter - deny audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- Transaction messages filter - deny Transaction messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Debug log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
- <file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- accept DEBUG and TRACE level -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>
- </evaluator>
- <OnMismatch>DENY</OnMismatch>
- <OnMatch>NEUTRAL</OnMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Audit log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">
- <file>${logDirectory}/${auditLogName}.log</file>
- <!-- Audit messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- SdncTransaction log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">
- <file>${logDirectory}/${transactionLogName}.log</file>
- <!-- Transaction messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Asynchronicity Configurations -->
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
- </appender>
- <root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender-ref ref="ALL_ROLLING" />
- </then>
- </if>
- </root>
- <logger level="INFO" name="org.openecomp.sdc" />
-</configuration>
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt deleted file mode 100644 index 0063bb6c80..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml deleted file mode 100644 index 257803fd91..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml deleted file mode 100644 index 4f3f700084..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ /dev/null @@ -1,186 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - sdc-dcae-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-job-completion - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-dcae-be-tools - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /config-input/ - - name: sdc-environments-output - mountPath: /config-output/ - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /dcaed/healthCheck - port: {{ .Values.service.internalPort }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/lib/jetty/logs - - name: {{ include "common.fullname" . }}-logback - mountPath: /tmp/logback.xml - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logback - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml deleted file mode 100644 index e1f541b6b1..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "dcae-gui", - "version": "v1", - "url": "/dcae", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange": "0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml deleted file mode 100644 index f4a9dfb08f..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ /dev/null @@ -1,89 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.4 -pullPolicy: Always -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: NodePort - name: sdc-dcae-fe - portName: dcae-fe - nodePort: "64" - internalPort: 9444 - -ingress: - enabled: false - service: - - baseaddr: "dcaedt" - name: "sdc-dcae-fe" - port: 9444 - config: - ssl: "redirect" -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml deleted file mode 100644 index f851518a4e..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Tosca model for component monitoring and descriptors deployment -name: sdc-dcae-tosca-lab -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt deleted file mode 100644 index 41f9706fec..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml deleted file mode 100644 index 0c886a0b08..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - "sdc-dcae-be" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort2 }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /healthcheck - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml deleted file mode 100644 index 04661b9ea1..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "dcae-be", - "version": "v1", - "url": "/dcae", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange": "1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml deleted file mode 100644 index f9a3b17e03..0000000000 --- a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ /dev/null @@ -1,28 +0,0 @@ -pluginsList: - - pluginId: DCAED - pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_discovery_url }}" - pluginSourceUrl: "{{ .Values.config.plugins.dcae_source_url }}" - pluginStateUrl: "dcaed" - pluginDisplayOptions: - context: - displayName: "Monitoring" - displayContext: ["SERVICE"] - displayRoles: ["DESIGNER"] - - pluginId: DCAE-DS - pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_dt_discovery_url }}" - pluginSourceUrl: "{{ .Values.config.plugins.dcae_dt_source_url }}" - pluginStateUrl: "dcae-ds" - pluginDisplayOptions: - tab: - displayName: "DCAE-DS" - displayRoles: ["DESIGNER"] - - pluginId: WORKFLOW - pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" - pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" - pluginStateUrl: "workflowDesigner" - pluginDisplayOptions: - tab: - displayName: "WORKFLOW" - displayRoles: ["DESIGNER", "TESTER"] - -connectionTimeout: 1000
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore b/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore deleted file mode 100644 index daebc7da77..0000000000 --- a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml deleted file mode 100644 index bc110c3b0f..0000000000 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (C) 2019, Nordix Foundation. All rights reserved. -# ================================================================================ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.cert.persistence.size}} - accessModes: - - {{ .Values.cert.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml deleted file mode 100644 index 006d736b63..0000000000 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (C) 2019, Nordix Foundation. All rights reserved. -# ================================================================================ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.cert.persistence.annotations }} - annotations: -{{ toYaml .Values.cert.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.cert.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.cert.persistence.size }} -{{- end -}} diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile new file mode 100644 index 0000000000..0d5b9e0c1f --- /dev/null +++ b/kubernetes/sdc/components/Makefile @@ -0,0 +1,55 @@ +# Copyright © 2020 Samsung Electronics, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/portal/components/portal-zookeeper/.helmignore b/kubernetes/sdc/components/sdc-be/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/portal/components/portal-zookeeper/.helmignore +++ b/kubernetes/sdc/components/sdc-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml index 3189bebf01..3189bebf01 100644 --- a/kubernetes/sdc/charts/sdc-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml index 0f044d7646..0f044d7646 100644 --- a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt index 3a5553b84f..3a5553b84f 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml index ea5009914a..ea5009914a 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 78f2912021..e2329d7ca5 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -51,34 +51,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: @@ -100,7 +112,7 @@ spec: resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: cassandra_ssl_enabled @@ -112,10 +124,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -142,13 +154,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index 8a5f2fae18..f1bdabb59c 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -51,12 +51,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /home/sdc/chef-solo/environments/ + mountPath: /home/onap/chef-solo/environments/ - name: sdc-logs mountPath: /var/lib/jetty/logs env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/components/sdc-be/templates/service.yaml index a0d0f5b438..a0d0f5b438 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index a2f1f0c93c..c71bb755eb 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -21,19 +21,58 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.7 -backendInitImage: onap/sdc-backend-init:1.6.7 +image: onap/sdc-backend-all-plugins:1.7.1 +backendInitImage: onap/sdc-backend-init:1.7.1 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +#environment file +env: + name: AUTO + +certInitializer: + nameOverride: sdc-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +################################################################# +# SDC Config part +################################################################# config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" diff --git a/kubernetes/sdc/charts/sdc-be/.helmignore b/kubernetes/sdc/components/sdc-cs/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-be/.helmignore +++ b/kubernetes/sdc/components/sdc-cs/.helmignore diff --git a/kubernetes/sdc/charts/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml index 973ca4512e..973ca4512e 100644 --- a/kubernetes/sdc/charts/sdc-cs/Chart.yaml +++ b/kubernetes/sdc/components/sdc-cs/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml new file mode 100644 index 0000000000..5969143629 --- /dev/null +++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt index 3a5553b84f..3a5553b84f 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index ff32a87588..0c98d67be4 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -62,7 +62,7 @@ spec: mountPath: /home/sdc/chef-solo/cache env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: RELEASE value: {{ .Values.config.release }} - name: SDC_USER diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 5cf3065a09..4cf6e4d5f3 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -21,14 +21,25 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.7 -cassandraInitImage: onap/sdc-cassandra-init:1.6.7 +image: onap/sdc-cassandra:1.7.1 +cassandraInitImage: onap/sdc-cassandra-init:1.7.1 pullPolicy: Always @@ -37,6 +48,10 @@ config: maxHeapSize: "1536M" heapNewSize: "512M" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-cs/.helmignore b/kubernetes/sdc/components/sdc-fe/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-cs/.helmignore +++ b/kubernetes/sdc/components/sdc-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml index 4794092b6c..4794092b6c 100644 --- a/kubernetes/sdc/charts/sdc-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml index 1000982b6e..1000982b6e 100644 --- a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml new file mode 100644 index 0000000000..9dc317b2b5 --- /dev/null +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml @@ -0,0 +1,11 @@ +pluginsList: + - pluginId: WORKFLOW + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" + pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" + pluginStateUrl: "workflowDesigner" + pluginDisplayOptions: + tab: + displayName: "WORKFLOW" + displayRoles: ["DESIGNER", "TESTER"] + +connectionTimeout: 1000
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt index 6319bfb6a3..6319bfb6a3 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml index ba24fd705b..ba24fd705b 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 8b3d4e7e44..0571f4bb5d 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -49,34 +49,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -98,7 +110,7 @@ spec: {{ include "common.resources" . | indent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: @@ -108,10 +120,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -141,13 +153,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index 2133990b60..efcde572a3 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -37,7 +37,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.global.security.disableHttp }} + {{ if not .Values.security.disableHttp }} # setting http port only if enabled {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 63c8ce7e72..6501698388 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -21,13 +21,37 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.7 +image: onap/sdc-frontend:1.7.1 pullPolicy: Always config: @@ -40,6 +64,13 @@ config: workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" +#environment file +env: + name: AUTO + +security: + disableHttp: true + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-fe/.helmignore b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-fe/.helmignore +++ b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml index dadcc730d0..dadcc730d0 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml new file mode 100644 index 0000000000..aad984e8d9 --- /dev/null +++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml index 515076fe30..515076fe30 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt index edfb08642a..edfb08642a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml index ea5009914a..ea5009914a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index f2baa1fd90..6f1e2a9b61 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -49,43 +49,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ - - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - - -c - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert - securityContext: - runAsUser: 0 - volumeMounts: - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "/onboard/cert" + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -113,11 +103,11 @@ spec: {{ include "common.resources" . | indent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: SDC_CLUSTER_NAME - value: "SDC-CS-{{ .Values.global.env.name }}" + value: "SDC-CS-{{ .Values.env.name }}" - name: cassandra_ssl_enabled value: {{ .Values.config.cassandraSslEnabled | quote }} - name: HOST_IP @@ -135,10 +125,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -149,8 +139,6 @@ spec: - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "{{ .Values.cert.certDir }}" lifecycle: postStart: exec: @@ -167,13 +155,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -190,8 +175,5 @@ spec: emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} - - name: {{ include "common.fullname" . }}-cert-storage - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 39758bc943..936c7c41b5 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: mountPath: /home/sdc/chef-solo/environments/ env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index ad6650aa86..ad6650aa86 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f42b500376..ff10a64b5a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -21,14 +21,50 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + persistence: {} + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-onboarding-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.7 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7 +image: onap/sdc-onboard-backend:1.7.1 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1 pullPolicy: Always # flag to enable debugging - application support required @@ -38,6 +74,10 @@ config: javaOptions: "-Xmx1g -Xms1g" cassandraSslEnabled: "false" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore b/kubernetes/sdc/components/sdc-wfd-be/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore +++ b/kubernetes/sdc/components/sdc-wfd-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml index 7201db2fee..7201db2fee 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt index a3c79b12a4..a3c79b12a4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl index 298a2cd673..298a2cd673 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 92fe5f22af..b188cdae98 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" @@ -55,6 +55,20 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password + export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} + export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-be.internalPort" . }} # disable liveness probe when breakpoints set in debugger @@ -106,28 +120,9 @@ spec: value: "{{ .Values.config.serverSSLEnabled }}" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - - name: SERVER_SSL_KEYSTORE_PATH - value: "{{ .Values.config.serverSSLKeyStorePath }}" - - name: SERVER_SSL_KEY_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" - - name: SERVER_SSL_TRUSTSTORE_PATH - value: "{{ .Values.config.serverSSLTrustStorePath }}" - - name: SERVER_SSL_TRUST_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - volumeMounts: - - name: sdc-cert - mountPath: /keystore - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /truststore - subPath: org.onap.sdc.trust.jks - volumes: - - name: sdc-cert - secret: - secretName: sdc-cert + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index 9235cb441c..9235cb441c 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index d9ea066ab3..d9ea066ab3 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 4ab95048ca..6147b064ce 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -21,14 +21,49 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.4 -configInitImage: onap/workflow-init:1.6.4 +image: onap/sdc-workflow-backend:1.7.0 +configInitImage: onap/sdc-workflow-init:1.7.0 pullPolicy: Always initJob: @@ -38,22 +73,19 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS sdcEndpoint: sdc-be:8443 sdcExternalUser: workflow - serverSSLEnabled: true - serverSSLKeyStoreType: jks - serverSSLKeyStorePath: /home/sdc/etc/keystore - serverSSLTrustStoreType: jks - serverSSLTrustStorePath: /home/sdc/etc/truststore - cassandraSSLEnabled: false cassandraTrustStorePath: /home/sdc/etc/truststore +# environment file +env: + name: AUTO + # default number of instances replicaCount: 1 @@ -82,7 +114,6 @@ service: externalPort2: 8443 nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property - ingress: enabled: false service: @@ -91,7 +122,7 @@ ingress: port: 8443 config: ssl: "redirect" - + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore +++ b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml index d5ef0a4db7..d5ef0a4db7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt index a3c79b12a4..a3c79b12a4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl index 546bab7ddf..546bab7ddf 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index 061b765f9a..ad10480a3f 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -48,10 +48,39 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-move-cert + command: + - /bin/sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }} + cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: sdc-certs + mountPath: /sdc-certs + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }} + export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-fe.internalPort" . }} {{ if .Values.liveness.enabled }} @@ -68,7 +97,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND @@ -76,16 +105,6 @@ spec: - name: IS_HTTPS value: "{{ .Values.config.isHttpsEnabled}}" {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - - name: TRUSTSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" - - name: KEYSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" {{ end }} @@ -93,12 +112,17 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + mountPath: /sdc-certs + subpath: mycreds.prop + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} + subPath: {{ .Values.certInitializer.keystoreFile }} + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} + subPath: {{ .Values.certInitializer.truststoreFile }} + {{ end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -121,13 +145,15 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + emptyDir: + medium: "Memory" + {{- end }} - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index 96e1c0aee4..96e1c0aee4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 1e6e3fe018..56804924ca 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -21,13 +21,37 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.4 +image: onap/sdc-workflow-frontend:1.7.0 pullPolicy: Always # flag to enable debugging - application support required @@ -40,11 +64,13 @@ config: # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. + +#environment file +env: + name: AUTO + security: isDefaultStore: false - truststoreFilename: "org.onap.sdc.trust.jks" - keystoreFilename: "org.onap.sdc.p12" - storePath: "etc" # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 2ce7b9dc24..1b7cd0ebb1 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml @@ -14,15 +14,23 @@ # limitations under the License. dependencies: - - name: common + - name: sdc-be version: ~6.x-0 - repository: '@local' - - - name: cassandra + repository: 'file://components/sdc-be' + - name: sdc-cs version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - condition: global.cassandra.localCluster - + repository: 'file://components/sdc-cs' + - name: sdc-fe + version: ~6.x-0 + repository: 'file://components/sdc-fe' + - name: sdc-onboarding-be + version: ~6.x-0 + repository: 'file://components/sdc-onboarding-be' + - name: sdc-wfd-be + version: ~6.x-0 + repository: 'file://components/sdc-wfd-be' + condition: sdc-wfd.enabled + - name: sdc-wfd-fe + version: ~6.x-0 + repository: 'file://components/sdc-wfd-fe' + condition: sdc-wfd.enabled
\ No newline at end of file diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 Binary files differdeleted file mode 100644 index 446856071b..0000000000 --- a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 +++ /dev/null diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks Binary files differdeleted file mode 100644 index e6686cc08c..0000000000 --- a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks +++ /dev/null diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 2bd165b723..79428f73c6 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -1,6 +1,6 @@ { - "name": "{{ .Values.global.env.name }}", - "description": "OpenSource-{{ .Values.global.env.name }}", + "name": "{{ .Values.env.name }}", + "description": "OpenSource-{{ .Values.env.name }}", "cookbook_versions": { "Deploy-SDandC": "= 1.0.0" }, @@ -12,9 +12,6 @@ "CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", - "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}", - "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}", - "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}", "FE_VIP": "sdc-fe.{{include "common.namespace" .}}", "interfaces": { "application": "eth0", @@ -107,7 +104,8 @@ }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", - "truststore_pwd": "${TRUSTSTORE_PASS}" + "truststore_pwd": "${TRUSTSTORE_PASS}", + "keymanager_pwd": "${KEYMANAGER_PASS}" } } } diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index 6187104ce6..dd61412d40 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -36,17 +36,3 @@ data: keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" ---- -apiVersion: v1 -kind: Secret -metadata: - name: sdc-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 2694b5de80..4cd0597e10 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -15,8 +15,6 @@ global: persistence: {} - env: - name: AUTO secrets: sdc_user: YXNkY191c2Vy sdc_password: QWExMjM0JV4h @@ -30,6 +28,7 @@ global: ubuntuInitImage: ubuntu-init:1.0.0 busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest + aafEnabled: true cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled @@ -44,6 +43,11 @@ global: security: disableHttp: true envsubstImage: dibi/envsubst + +# Environment file +env: + name: AUTO + config: logstashServiceName: log-ls logstashPort: 5044 @@ -60,3 +64,7 @@ cassandra: persistence: mountSubPath: sdc/sdc-cs/CS enabled: true + +# dependency / sub-chart configuration +sdc-wfd: + enabled: true
\ No newline at end of file diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index e4b5dda95d..1518f3c3c6 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile index 4e737638a6..c38171c1e5 100644 --- a/kubernetes/sdnc/components/Makefile +++ b/kubernetes/sdnc/components/Makefile @@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -40,7 +41,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties new file mode 100644 index 0000000000..f114a9c65b --- /dev/null +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=RAN-Slice-Mgmt +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index 4c288b2a6f..e3dfa869ee 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -104,6 +104,9 @@ spec: - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties name: properties subPath: dmaap-consumer-oofpcipoc.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties + name: properties + subPath: dmaap-consumer-RANSlice.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 1a70926f4f..4c8ff3992a 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -55,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.4 +image: onap/sdnc-dmaap-listener-image:2.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 7eb32b10e5..654867fcc8 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -55,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.4 +image: onap/sdnc-ansible-server-image:2.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index bcf3cff752..9eb8495da6 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: "onap/sdnc-web-image:1.8.3" +image: "onap/sdnc-web-image:2.0.1" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index a8b7c13550..ad5cbda4f3 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -61,7 +61,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.4 +image: onap/sdnc-ueb-listener-image:2.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/bin/startODL.oom.sh b/kubernetes/sdnc/resources/config/bin/startODL.oom.sh new file mode 100644 index 0000000000..721f3407d5 --- /dev/null +++ b/kubernetes/sdnc/resources/config/bin/startODL.oom.sh @@ -0,0 +1,322 @@ +#!/bin/bash + +### +# ============LICENSE_START======================================================= +# SDNC +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Update by Copyright (C) 2020 highstreet technologies GmbH. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +# Install SDN-C platform components if not already installed and start container + +# List of used constants, that are provided during container initialization + +ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} +ODL_FEATURES_BOOT_FILE=$ODL_HOME/etc/org.apache.karaf.features.cfg +# +ODL_REMOVEIDMDB=${ODL_REMOVEIDMDB:-false} + +#ODL_CERT_DIR +ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin} +if $ODL_REMOVEIDMDB ; then + echo "Remove odl idmdb" + rm $ODL_HOME/data/idmlight.db.mv.db + ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin} +else + ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} +fi + +export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME + +SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} +SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} +CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} + +#- ODL Cluster +ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} +#SDNC_REPLICAS + +#- ODL GEO cluster +GEO_ENABLED=${GEO_ENABLED:-false} +#IS_PRIMARY_CLUSTER +#MY_ODL_CLUSTER +#PEER_ODL_CLUSTER + +#- AAF +SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false} + +#- SDN-R +SDNRWT=${SDNRWT:-false} +SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator} +SDNRDM=${SDNRDM:-false} +# Add devicemanager base and specific repositories +SDNRDM_BASE_REPO=${SDNRDM_BASE_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_ONF_REPO=${SDNRDM_ONF_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-onf-feature/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_ORAN_REPO=${SDNRDM_ORAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/$CCSDKFEATUREVERSION/xml/features} +SDNRDM_GRAN_REPO=${SDNRDM_GRAN_REPO:-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-gran-feature/$CCSDKFEATUREVERSION/xml/features} +# Add devicemanager features +SDNRDM_SDM_LIST=${SDNRDM_SDM_LIST:-sdnr-wt-devicemanager-onf-feature, sdnr-wt-devicemanager-oran-feature, sdnr-wt-devicemanager-gran-feature} +SDNRDM_BOOTFEATURES=${SDNRDM_BOOTFEATURES:-sdnr-wt-feature-aggregator-devicemanager-base, ${SDNRDM_SDM_LIST}} +SDNRINIT=${SDNRINIT:-false} +SDNRONLY=${SDNRONLY:-false} +SDNRDBURL=${SDNRDBURL:-http://sdnrdb:9200} +#SDNRDBUSERNAME +#SDNRDBPASSWORD +#SDNRDBPARAMETER +SDNRDBCOMMAND=${SDNRDBCOMMAND:--c init -db $SDNRDBURL -dbu $SDNRDBUSERNAME -dbp $SDNRDBPASSWORD $SDNRDBPARAMETER} + +SDNR_NORTHBOUND=${SDNR_NORTHBOUND:-false} +SDNR_NORTHBOUND_BOOTFEATURES=${SDNR_NORTHBOUND_BOOTFEATURES:-sdnr-northbound-all} + +# Functions + +# Test if repository exists, like this mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-devicemanager-oran-feature/0.7.2/xml/features +# $1 repository +function isRepoExisting() { + REPO=$(echo $1 | sed -E "s#mvn:(.*)/xml/features\$#\1#") + OIFS="$IFS" + IFS='/' parts=($REPO) + IFS="$OIFS" + path="$ODL_HOME/system/"${parts[0]//./\/}"/"${parts[1]}"/"${parts[2]} + [ -d "$path" ] +} + +# Add features repository to karaf featuresRepositories configuration +# $1 repositories to be added +function addRepository() { + CFG=$ODL_FEATURES_BOOT_FILE + ORIG=$CFG.orig + if isRepoExisting "$1" ; then + echo "Add repository: $1" + sed -i "\|featuresRepositories|s|$|, $1|" $CFG + else + echo "Repo does not exist: $1" + fi +} + +# Append features to karaf boot feature configuration +# $1 additional feature to be added +# $2 repositories to be added (optional) +function addToFeatureBoot() { + CFG=$ODL_FEATURES_BOOT_FILE + ORIG=$CFG.orig + if [ -n "$2" ] ; then + addRepository $2 + fi + echo "Add boot feature: $1" + sed -i "\|featuresBoot *=|s|$|,$1|" $CFG +} + +# Append features to karaf boot feature configuration +# $1 search pattern +# $2 replacement +function replaceFeatureBoot() { + CFG=$ODL_FEATURES_BOOT_FILE + echo "Replace boot feature $1 with: $2" + sed -i "/featuresBoot/ s/$1/$2/g" $CFG +} + +# Remove all sdnc specific features +function cleanupFeatureBoot() { + echo "Remove northbound bootfeatures " + sed -i "/featuresBoot/ s/,ccsdk-sli-core-all.*$//g" $ODL_FEATURES_BOOT_FILE +} + +function initialize_sdnr() { + echo "SDN-R Database Initialization" + INITCMD="$JAVA_HOME/bin/java -jar " + INITCMD+="$ODL_HOME/system/org/onap/ccsdk/features/sdnr/wt/sdnr-wt-data-provider-setup/$CCSDKFEATUREVERSION/sdnr-dmt.jar " + INITCMD+="$SDNRDBCOMMAND" + echo "Execute: $INITCMD" + n=0 + until [ $n -ge 5 ] ; do + $INITCMD && break + n=$[$n+1] + sleep 15 + done + return $? +} + +function install_sdnrwt_features() { + # Repository setup provided via sdnc dockerfile + if $SDNRWT; then + addRepository $SDNRDM_BASE_REPO + addRepository $SDNRDM_ONF_REPO + addRepository $SDNRDM_ORAN_REPO + addRepository $SDNRDM_GRAN_REPO + + if $SDNRONLY; then + cleanupFeatureBoot + fi + if $SDNRDM; then + addToFeatureBoot "$SDNRDM_BOOTFEATURES" + else + addToFeatureBoot "$SDNRWT_BOOTFEATURES" + fi + fi +} + + +function install_sdnr_northbound_features() { + # Repository setup provided via sdnc dockerfile + addToFeatureBoot "$SDNR_NORTHBOUND_BOOTFEATURES" +} + +# Reconfigure ODL from default single node configuration to cluster + +function enable_odl_cluster(){ + if [ -z $SDNC_REPLICAS ]; then + echo "SDNC_REPLICAS is not configured in Env field" + exit + fi + + # ODL NETCONF setup + echo "Installing Opendaylight cluster features for mdsal and netconf" + + #Be sure to remove feature odl-netconf-connector-all from list + replaceFeatureBoot "odl-netconf-connector-all," + #Activate cluster + replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology + replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering + addToFeatureBoot odl-jolokia + + # ODL Cluster or Geo cluster configuration + + echo "Update cluster information statically" + fqdn=$(hostname -f) + echo "Get current fqdn ${fqdn}" + + # Extract node index using first digit after "-" + # Example 2 from "sdnr-2.logo.ost.das.r32.com" + node_index=($(echo ${fqdn} | sed -r 's/.*-([0-9]).*/\1/g')) + + if $GEO_ENABLED; then + echo "This is a Geo cluster" + + if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then + echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field" + return + fi + + member_offset=1 + if $IS_PRIMARY_CLUSTER; then + PRIMARY_NODE=${MY_ODL_CLUSTER} + SECONDARY_NODE=${PEER_ODL_CLUSTER} + else + PRIMARY_NODE=${PEER_ODL_CLUSTER} + SECONDARY_NODE=${MY_ODL_CLUSTER} + member_offset=4 + fi + + node_list="${PRIMARY_NODE} ${SECONDARY_NODE}" + $SDNC_BIN/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list} + else + echo "This is a local cluster" + for ((i=0;i<${SDNC_REPLICAS};i++)); do + #assemble node list by replaceing node-index in hostname with "i" + node_name=$(echo ${fqdn} | sed -r "s/-[0-9]/-$i/g") + node_list="${node_list} $node_name" + done + echo "Node index: $((node_index+1)) list: ${node_list[@]}" + $ODL_HOME/bin/configure_cluster.sh $((node_index+1)) ${node_list} + fi +} + +# ----------------------- +# Main script starts here + +echo "Image path=${IMAGEPATH}" +echo "Image names=${IMAGENAMES}" +echo "Settings:" +echo " USER=$(whoami)" +echo " SDNC_BIN=$SDNC_BIN" +echo " SDNC_HOME=$SDNC_HOME" +echo " ODL_CERT_DIR=$ODL_CERT_DIR" +echo " CCSDKFEATUREVERSION=$CCSDKFEATUREVERSION" +echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER" +echo " ODL_REMOVEIDMDB=$ODL_REMOVEIDMDB" +echo " SDNC_REPLICAS=$SDNC_REPLICAS" +echo " SDNRWT=$SDNRWT" +echo " SDNRDM=$SDNRDM" +echo " SDNRONLY=$SDNRONLY" +echo " SDNRINIT=$SDNRINIT" +echo " SDNRDBURL=$SDNRDBURL" +echo " SDNRDBUSERNAME=$SDNRDBUSERNAME" +echo " SDNRDBPASSWORD=$SDNRDBPASSWORD" +echo " GEO_ENABLED=$GEO_ENABLED" +echo " IS_PRIMARY_CLUSTER=$IS_PRIMARY_CLUSTER" +echo " MY_ODL_CLUSTER=$MY_ODL_CLUSTER" +echo " PEER_ODL_CLUSTER=$PEER_ODL_CLUSTER" +echo " AAF_ENABLED=$SDNC_AAF_ENABLED" + +if $SDNC_AAF_ENABLED; then + export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local + export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local + export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` + export SDNC_KEYSTORE=org.onap.sdnc.p12 + sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties + echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties + + sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties + sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties +fi + +if $SDNRINIT ; then + #One time intialization action + initialize_sdnr + init_result=$? + echo "Result of init script: $init_result" + if $SDNRWT ; then + echo "Proceed to initialize sdnr" + else + exit $init_result + fi +fi + +if [ ! -f ${SDNC_HOME}/.installed ] +then + echo "Installing SDN-C keyStore" + /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh + + if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi + + if $SDNRWT ; then install_sdnrwt_features ; fi + + if $SDNR_NORTHBOUND ; then install_sdnr_northbound_features ; fi + + echo "Installed at `date`" > ${SDNC_HOME}/.installed +fi + +# Odl configuration done +ODL_FEATURES_BOOT=$(sed -n "/featuresBoot =/p" $ODL_FEATURES_BOOT_FILE) +export ODL_FEATURES_BOOT + +if [ -z "$ODL_CERT_DIR" ] ; then + echo "No certs provided. Skip installation." +else + echo "Start background cert installer" + nohup python ${SDNC_BIN}/installCerts.oom.py & +fi + +echo "Startup opendaylight" +echo $ODL_FEATURES_BOOT +exec ${ODL_HOME}/bin/karaf server diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index 6aa796a163..a83fc92890 100755 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -162,6 +162,7 @@ then fi cp /opt/opendaylight/current/certs/* /tmp +cp /var/custom-certs/* /tmp nohup python ${SDNC_BIN}/installCerts.py & diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv index 7476e6849a..52c9ff76b4 100644 --- a/kubernetes/sdnc/resources/config/conf/setenv +++ b/kubernetes/sdnc/resources/config/conf/setenv @@ -54,8 +54,8 @@ if [ "x$JAVA_MAX_MEM" = "x" ]; then export JAVA_MAX_MEM="2048m" fi -EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ - -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \ - -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \ - -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \ - -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log" +EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \ + -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ + -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \ + -XX:+ParallelRefProcEnabled \ + -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"} diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index b434c4025f..e3be4bc46a 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -49,9 +49,9 @@ spec: targetPort: {{ .Values.service.internalPort4 }} {{ end }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - {{ if .Values.config.sdnr.enabled }} - Session Affinity: ClientIP - {{ end }} + {{ if .Values.config.sdnr.enabled }} + sessionAffinity: ClientIP + {{ end }} selector: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index d765197f13..8eec50e9ab 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH +# Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -94,6 +94,48 @@ spec: {{ end -}} {{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ if .Values.global.cmpv2Enabled }} + - name: certs-init + image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: REQUEST_URL + value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }} + - name: REQUEST_TIMEOUT + value: "30000" + - name: OUTPUT_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + - name: CA_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.caName }} + - name: COMMON_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }} + - name: ORGANIZATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }} + - name: ORGANIZATION_UNIT + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }} + - name: LOCATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }} + - name: STATE + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }} + - name: COUNTRY + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }} + - name: KEYSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }} + - name: KEYSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }} + - name: TRUSTSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }} + - name: TRUSTSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs + - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }} + name: certservice-tls-volume + {{ end }} + - name: {{ include "common.name" . }}-chown image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} command: @@ -160,6 +202,8 @@ spec: value: {{ include "common.mariadbService" . }} - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" + - name: JAVA_OPTS + value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}" - name: KARAF_CONSOLE_LOG_LEVEL value: "{{ include "common.log.level" . }}" - name: SDNRWT @@ -189,6 +233,9 @@ spec: - mountPath: {{ .Values.config.binDir }}/startODL.sh name: bin subPath: startODL.sh + - mountPath: {{ .Values.config.binDir }}/startODL.oom.sh + name: bin + subPath: startODL.oom.sh - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh name: bin subPath: installSdncDb.sh @@ -235,6 +282,8 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -285,6 +334,12 @@ spec: - name: properties emptyDir: medium: Memory + - name: certs + emptyDir: + medium: Memory + - name: certservice-tls-volume + secret: + secretName: {{ .Values.global.platform.certServiceClient.secret.name }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index be4adf4bcd..52a21ea370 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -35,6 +35,31 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + # Enabling CMPv2 + cmpv2Enabled: true + platform: + certServiceClient: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + secret: + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ + envVariables: + # Certificate related + cert_path: /var/custom-certs + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + common_name: "sdnc.simpledemo.onap.org" + requestURL: "https://oom-cert-service:8443/v1/certificate/" + requestTimeout: "30000" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" + keystorePassword: "secret" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" + truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -110,7 +135,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.4 +image: onap/sdnc-image:2.0.1 busyboxRepository: docker.io busyboxImage: busybox:1.30 @@ -160,11 +185,12 @@ config: logstashPort: 5044 ansibleServiceName: sdnc-ansible-server ansiblePort: 8000 - javaHome: /usr/lib/jvm/java-1.8-openjdk + javaHome: /opt/java/openjdk odl: etcDir: /opt/opendaylight/etc binDir: /opt/opendaylight/bin + gcLogDir: /opt/opendaylight/data/log salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config salConfigVersion: 1.9.1 akka: @@ -184,7 +210,12 @@ config: javaOptions: maxGCPauseMillis: 100 parallelGCThreads : 3 - numberGGLogFiles: 10 + numberGCLogFiles: 10 + minMemory: 512m + maxMemory: 2048m + gcLogOptions: "" + # Next line enables gc logging + # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" # enables sdnr functionality sdnr: enabled: true @@ -283,6 +314,8 @@ sdnc-ansible-server: dgbuilder: enabled: true nameOverride: sdnc-dgbuilder + certInitializer: + nameOverride: sdnc-dgbuilder-cert-initializer config: db: dbName: *sdncDbName @@ -404,6 +437,22 @@ persistence: mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/current/daexim +certpersistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 50Mi + mountPath: /dockerdata-nfs + mountSubPath: sdnc/certs + certPath: /opt/app/osaaf + ##storageClass: "manual" + ingress: enabled: false service: diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml deleted file mode 100644 index c4fb9a49d5..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SO ETSI NFVO NS LCM -name: so-etsi-nfvo-ns-lcm -version: 6.0.0 diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml deleted file mode 100644 index 13d72d891b..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} - version: v19 - endpoint: https://aai.{{ include "common.namespace" . }}:8443 -spring: - security: - usercredentials: - - username: ${ETSI_NFVO_USERNAME} - password: ${ETSI_NFVO_PASSWORD} - role: ETSI-NFVO-Client -server: - port: {{ .Values.containerPort }} - tomcat: - max-threads: 50 -mso: - key: {{ .Values.mso.key }} -so: - adapters: - sol003-adapter: - url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 - auth: {{ .Values.so.sol003.adapter.auth }} -etsi-catalog-manager: - base: - {{- if .Values.global.msbEnabled }} - endpoint: https://msb-iag:443/api - http: - client: - ssl: - trust-store: ${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} - {{- else }} - endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api - {{- end }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml deleted file mode 100644 index 3b2e50cd0c..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-app-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml deleted file mode 100644 index 0d16ded26d..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} - strategy: - type: {{ index .Values.updateStrategy.type }} - rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: {{ include "common.resources" . | nindent 12 }} - env: - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - {{- if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} - - name: ETSI_NFVO_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} - - name: ETSI_NFVO_PASSWORD_INPUT - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} - envFrom: - - configMapRef: - name: {{ include "common.fullname" . }}-configmap - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} - - name: logs - mountPath: /app/logs - - name: config - mountPath: /app/config - readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readonly: true - livenessProbe: - tcpSocket: - port: {{ index .Values.livenessProbe.port }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} - ports: {{ include "common.containerPorts" . | nindent 12 }} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - - name: logs - emptyDir: {} - - name: config - configMap: - name: {{ include "common.fullname" . }}-app-configmap - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml deleted file mode 100644 index a1290de24b..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml deleted file mode 100644 index 20f5de8a60..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - persistence: - mountPath: /dockerdata-nfs - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - - uid: etsi-nfvo-nslcm-creds - name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' - login: '{{ .Values.etsi.nfvo.nslcm.username }}' - password: '{{ .Values.etsi.nfvo.nslcm.password }}' - -################################################################# -# Application configuration defaults. -################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/so-etsi-nfvo-ns-lcm:1.7.1 -pullPolicy: Always - -etsi: - nfvo: - nslcm: - username: so-etsi-nfvo-ns-lcm -replicaCount: 1 -minReadySeconds: 10 -containerPort: 9095 -logPath: ./logs/so-etsi-nfvo-ns-lcm/ -app: so-etsi-nfvo-ns-lcm -service: - type: ClusterIP - name: so-etsi-nfvo-ns-lcm - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - ports: - - name: nfvo-nslcm-port - port: 9095 -updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - memory: 4Gi - cpu: 2000m - requests: - memory: 1Gi - cpu: 500m - large: - limits: - memory: 8Gi - cpu: 4000m - requests: - memory: 2Gi - cpu: 1000m - unlimited: {} -livenessProbe: - port: 9095 - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 -ingress: - enabled: false - service: - - baseaddr: "soetsinfvonslcm" - name: "so-etsi-nfvo-ns-lcm" - port: 9095 - config: - ssl: "redirect" -nodeSelector: {} -tolerations: [] -affinity: {} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index 88d805d81e..89b6ada3fd 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -13,7 +13,7 @@ # limitations under the License. server: - port: {{ (index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml index d244f7abf5..0620a0b052 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -50,7 +50,7 @@ service: "version": "v1", "url": "/", "protocol": "REST", - "port": "{{ (index .Values.service.ports 0).port }}", + "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", "visualRange": "1" } ]{{ end }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index 2dbfa4ea4a..ee84d60905 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -72,7 +72,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-truststore mountPath: /app/client - readonly: true + readOnly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml index bdcecddfa3..5e9a62f00d 100644 --- a/kubernetes/so/templates/secret.yaml +++ b/kubernetes/so/templates/secret.yaml @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 8d037868a2..328f4f296e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -449,17 +449,6 @@ so-vnfm-adapter: apiEnforcement: org.onap.so.vnfmAdapterPerm noAuthn: /manage/health -so-etsi-nfvo-ns-lcm: - certSecret: *so-certs - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - so: - sol003: - adapter: - auth: Basic dm5mbTpwYXNzd29yZDEk - so-mariadb: db: rootPasswordExternalSecretLocalDb: *dbRootPassSecretName diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml index c6987f14ee..a9c92ef7b3 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -56,12 +56,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index 21118603f5..96736f6c66 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.9 +image: onap/vfc/gvnfmdriver:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index 9b085f8a36..544834d199 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index 547874145f..7d37810020 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.9 +image: onap/vfc/nslcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml index 9eee5c7f81..8b32fa4e6e 100644 --- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml @@ -53,11 +53,6 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml index 80924a897a..2761d05999 100644 --- a/kubernetes/vfc/charts/vfc-redis/values.yaml +++ b/kubernetes/vfc/charts/vfc-redis/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/db:1.3.3 +image: onap/vfc/db:1.3.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index d61dc9ddfa..7fd74b93f0 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 89847ca158..fafef0c5f0 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.9 +image: onap/vfc/vnflcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 3eede1904d..bd0b377f79 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_HOST diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml index 6fbc0338e5..67b087fcd0 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfmgr:1.3.8 +image: onap/vfc/vnfmgr:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index 32c7cd2348..9f2a4c739b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -76,12 +76,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_HOST diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml index 82b74e08f6..1b6fc792a1 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml @@ -38,7 +38,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfres:1.3.7 +image: onap/vfc/vnfres:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml index bcae4acf52..32e4133a16 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml @@ -72,12 +72,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml index 18cd207051..7ebd3a5c0e 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztevnfmdriver:1.3.6 +image: onap/vfc/ztevnfmdriver:1.3.7 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index 06ce21274e..60edcffbbf 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -73,7 +73,7 @@ spec: name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - volumes: + volumeMounts: - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml name: init-data subPath: configuration.xml |