diff options
29 files changed, 485 insertions, 88 deletions
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index cd7142fd73..15fb5a4225 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -41,7 +41,7 @@ */}} {{- define "common.mariadbSecret" -}} {{- if .Values.global.mariadbGalera.localCluster -}} - {{ printf "%s-%s" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} + {{ printf "%s-%s-db-user-credentials" (include "common.fullname" .) (index .Values "mariadb-galera" "nameOverride") -}} {{- else -}} {{ printf "%s-%s" (.Release.Name) (index .Values "mariadb-init" "nameOverride") -}} {{- end -}} @@ -52,7 +52,7 @@ */}} {{- define "common.mariadbSecretParam" -}} {{- if .Values.global.mariadbGalera.localCluster -}} - {{ printf "user-password" -}} + {{ printf "password" -}} {{- else -}} {{ printf "db-user-password" -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.yaml new file mode 100644 index 0000000000..523d7880f0 --- /dev/null +++ b/kubernetes/common/common/templates/_secret.yaml @@ -0,0 +1,276 @@ +{{/* +# Copyright © 2019 AT&T, Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + For internal use only! + + Generates a secret header with given name and desired labels. + + The template takes two arguments: + - .global: environment (.) + - .name: name of the secret + + Example call: + {{ include "common.secret._header" (dict "global" . "name" "myFancyName") }} +*/}} +{{- define "common.secret._header" -}} +{{- $global := .global }} +{{- $name := .name }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $name }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} +type: Opaque +{{- end -}} + +{{/* + For internal use only! + + Pick a value based on "user input" and generation policy. + + The template takes below arguments: + - .global: environment (.) + - .secretName: name of the secret where the value will be placed + - .secretEnv: map of values which configures this secret. This can contain below keys: + - value: Value of secret key provided by user (can be a template inside a string) + - policy: What to do if value is missing or empty. Possible options are: + - generate: Generate a new password deriving it from master password + - required: Fail the deployment if value has not been provided + Defaults to generate. + - name: Name of the key to which this value should be assigned +*/}} +{{- define "common.secret._value" -}} + {{- $global := .global }} + {{- $name := .secretName }} + {{- $secretEnv := .secretEnv }} + {{- $value := tpl $secretEnv.value $global }} + {{- $policy := default "generate" $secretEnv.policy }} + + {{- if $value }} + {{- $value | quote }} + {{- else if eq $policy "generate" }} + {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }} + {{- else }} + {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }} + {{- end }} +{{- end -}} + + +{{/* + For internal use only! + + Generate a secret name based on provided name or UID. + If UID is provided then the name is generated by appending this UID right after + the chart name. If name is provided, it overrides the name generation algorith + and is used right away. Both name and uid strings may contain a template to be + resolved. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + - .name: string that can be used to override default name generation algorithm + and provide a custom name for the secret +*/}} +{{- define "common.secret._genName" -}} + {{- $global := .global }} + {{- $uid := tpl (default "" .uid) $global }} + {{- $name := tpl (default "" .name) $global }} + {{- default (printf "%s-%s" (include "common.fullname" $global) $uid) $name }} +{{- end -}} + +{{/* + Get the real secret name by UID or name, based on the configuration provided by user. + User may decide to not create a new secret but reuse existing one for this deployment + (aka externalSecret). In this case the real name of secret to be used is different + than the one declared in secret definition. This easily retrieve current secret real + name based on declared name or UID even if it has been overrided by the user using + externalSecret option. You should use this template always when you need to reference + a secret created using common.secret template by name. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + (can be omitted if name has been provided) + - .name: name which was used to declare a secret + (can be omitted if uid has been provided) +*/}} +{{- define "common.secret.getSecretName" -}} + {{- $global := .global }} + {{- $targetName := include "common.secret._genName" (dict "global" $global "uid" .uid "name" .name) }} + {{- range $secret := $global.Values.secrets }} + {{- $currName := include "common.secret._genName" (dict "global" $global "uid" $secret.uid "name" $secret.name) }} + {{- if eq $currName $targetName }} + {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} + {{- default $currName $externalSecret }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* + Convenience template which can be used to easily set the value of environment variable + to the value of a key in a secret. + + It takes care of all name mangling, usage of external secrets etc. + + The template takes below arguments: + - .global: environment (.) + - .uid: string that uniquely identifies this secret within a helm chart + (can be omitted if name has been provided) + - .name: name which was used to declare a secret + (can be omitted if uid has been provided) + - .key: Key within this secret which value should be assigned to this variable + + Example usage: + env: + - name: SECRET_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "secret" "key" "password") | indent 8}} +*/}} +{{- define "common.secret.envFromSecret" -}} + {{- $key := .key }} +valueFrom: + secretKeyRef: + name: {{ include "common.secret.getSecretName" . }} + key: {{ $key }} +{{- end -}} + +{{/* + Define secrets to be used by chart. + Every secret has a type which is one of: + - generic: + Generic secret template that allows to input some raw data (from files). + File Input can be passed as list of files (filePaths) or as a single string + (filePath) + - genericKV: + Type of secret which allows you to define a list of key value pairs. + The list is assiged to envs value. Every item may define below items: + - name: + Identifier of this value within secret + - value: + String that defines a value associated with given key. + This can be a simple string or a template. + - policy: + Defines what to do if value is not provided by the user. + Available options are: + - generate: + Generate a value by derriving it from master password + - required: + Fail the deployment + - password: + Type of secret that holds only the password. + Only two items can be defined for this type: + - password: + Equivalent of value field from genericKV + - policy: + The same meaning as for genericKV policy field + - basicAuth: + Type of secret that holds both username and password. + Below fields are available: + - login: + The value for login key. + This can be a simple string or a template. + Providing a value for login is always required. + - password: + The value for password key. + This can be a simple string or a template. + - passwordPolicy: + The same meaning as the policy field in genericKV. + Only the policy for password can be set. + + Every secret can be identified using: + - uid: + A string to be appended to the chart fullname to generate a secret name. + - name: + Overrides default secret name generation and allows to set immutable + and globaly unique name + + To allow sharing a secret between the components and allow to pre-deploy secrets + before ONAP deployment it is possible to use already existing secret instead of + creating a new one. For this purpose externalSecret field can be used. If value of + this field is evaluated to true no new secret is created, only the name of the + secret is aliased to the external one. + + Example usage: + secrets.yaml: + {{ include "common.secret" . }} + + values.yaml: + mysqlLogin: "root" + + mysqlExternalSecret: "some-other-secret-name" + + secrets: + - uid: "mysql" + externalSecret: '{{ tpl .Values.passExternalSecret . }}' + type: basicAuth + login: '{{ .Values.mysqlLogin }}' + mysqlPassword: '{{ .Values.mysqlPassword }}' + passwordPolicy: generate + + In the above example new secret is not going to be created. + Already existing one (some-other-secret-name) is going to be used. + To force creating a new one, just make sure that mysqlExternalSecret + is not set. + +*/}} +{{- define "common.secret" -}} + {{- $global := . }} + {{- range $secret := .Values.secrets }} + {{- $name := include "common.secret._genName" (dict "global" $global "uid" $secret.uid "name" $secret.name) }} + {{- $type := default "generic" $secret.type }} + {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} + {{- if not $externalSecret }} +--- + {{ include "common.secret._header" (dict "global" $global "name" $name) }} + + {{- if eq $type "generic" }} +data: + {{- range $curFilePath := $secret.filePaths }} + {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- if $secret.filePath }} + {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- else if eq $type "genericKV" }} +stringData: + {{- if $secret.envs }} + {{- range $secretEnv := $secret.envs }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + {{ $secretEnv.name }}: {{ include "common.secret._value" $valueDesc }} + {{- end }} + {{- end }} + {{- else if eq $type "password" }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} +stringData: + password: {{ include "common.secret._value" $valueDesc }} + {{- else if eq $type "basicAuth" }} +stringData: + {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + login: {{ include "common.secret._value" $valueDesc }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + password: {{ include "common.secret._value" $valueDesc }} + {{- end }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index a5f1578159..408bd1814c 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada +# Copyright © 2019 Amdocs, Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -86,10 +86,7 @@ spec: echo "Backup Successful!!!" env: - name: DB_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} volumeMounts: - name: backup-dir mountPath: /backup @@ -99,10 +96,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} command: - /bin/bash - -c diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 233158f791..3f8eb0b6de 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,18 +12,4 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} - user-password: {{ default "" .Values.config.userPassword | b64enc | quote }}
\ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index c3cb4aaaf4..a9f1fb37b7 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,4 +1,4 @@ -# Copyright © 2019 Amdocs, Bell Canada, Orange +# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -61,19 +61,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: MYSQL_USER - value: {{ default "" .Values.config.userName | quote }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "login") | indent 14}} - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-credentials" "key" "password") | indent 14}} - name: MYSQL_DATABASE value: {{ default "" .Values.config.mysqlDatabase | quote }} - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14}} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 14215e46de..a6dd1ca359 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,21 @@ # limitations under the License. ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-password" + type: password + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + password: '{{ .Values.config.mariadbRootPassword }}' + - uid: "db-user-credentials" + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.userName }}' + password: '{{ .Values.config.userPassword }}' + + +################################################################# # Global configuration defaults. ################################################################# global: @@ -41,7 +57,9 @@ pullPolicy: IfNotPresent # application configuration config: + # .mariadbRootPasswordExternalSecret: 'some-external-secret' mariadbRootPassword: secretpassword + # .userCredentialsExternalSecret: 'some-external-secret' userName: my-user userPassword: my-password mysqlDatabase: my-database diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index 4f111a5f40..fb3f7974b9 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -19,7 +19,7 @@ */}} {{- define "mariadbInit.mariadbClusterSecret" -}} {{- if (eq "default" .Values.global.mariadbGalera.userRootSecret) -}} - {{- printf "%s-mariadb-galera-%s" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} + {{- printf "%s-mariadb-galera-%s-db-root-password" (include "common.release" .) .Values.global.mariadbGalera.nameOverride -}} {{- else -}} {{- .Values.global.mariadbGalera.userRootSecret -}} {{- end -}} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index 095ff62ddf..d148ba6888 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -24,7 +24,7 @@ global: servicePort: 3306 # set these two values if you want to access an 'out of ONAP' mariadb userRootSecret: default - userRootSecretKey: db-root-password + userRootSecretKey: password ################################################################# # Application configuration defaults. diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml index dced27d69f..49e532065d 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml +++ b/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml @@ -34,7 +34,7 @@ handlers: class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log" formatter: "mdcFormat" - maxBytes: 1024*1024*50 + maxBytes: 52428800 backupCount: 10 formatters: diff --git a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml index 935d9ca62e..8e40564093 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml +++ b/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml @@ -34,7 +34,7 @@ handlers: class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/pike/pike.log" formatter: "mdcFormat" - maxBytes: 1024*1024*50 + maxBytes: 52428800 backupCount: 10 formatters: diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml index 30445572d9..8ec5449266 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml @@ -34,7 +34,7 @@ handlers: class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log" formatter: "mdcFormat" - maxBytes: 1024*1024*50 + maxBytes: 52428800 backupCount: 10 formatters: diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml index e606d03ce3..7e1735df08 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml +++ b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml @@ -34,7 +34,7 @@ handlers: class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log" formatter: "mdcFormat" - maxBytes: 1024*1024*50 + maxBytes: 52428800 backupCount: 10 formatters: diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml index 3fb63718d7..23fd1b56d0 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +29,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.json").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-api/templates/configmap.yaml b/kubernetes/policy/charts/policy-api/templates/configmap.yaml index adf917a942..e2a3de7756 100644 --- a/kubernetes/policy/charts/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/charts/policy-api/templates/configmap.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +29,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/config.json").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml b/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml index 984fb18b23..23fd1b56d0 100644 --- a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml +++ b/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +29,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/config.json").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-pap/templates/configmap.yaml b/kubernetes/policy/charts/policy-pap/templates/configmap.yaml index 13d993dba9..372bf4dcca 100644 --- a/kubernetes/policy/charts/policy-pap/templates/configmap.yaml +++ b/kubernetes/policy/charts/policy-pap/templates/configmap.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. +# Copyright (C) 2019-2020 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +28,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.json").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml index f725c3add7..3ca4f82963 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +29,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.{json,properties}").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{json,properties,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index ef0e6b137e..ca1a8a3c21 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -120,6 +120,9 @@ mariadb-galera: persistence: enabled: true mountSubPath: policy/maria/data + externalConfig: |- + [mysqld] + lower_case_table_names = 1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml b/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml index 184728f8ad..63829cb185 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml +++ b/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml @@ -15,6 +15,7 @@ */}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} kind: PersistentVolume apiVersion: v1 metadata: @@ -31,7 +32,9 @@ spec: storage: {{ .Values.persistence.size}} accessModes: - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-data" persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} hostPath: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} {{- end -}} +{{- end -}} diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml b/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml index e27c3311e9..49f1d6886f 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml +++ b/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml @@ -25,24 +25,16 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} {{- if .Values.persistence.annotations }} annotations: {{ toYaml .Values.persistence.annotations | indent 4 }} {{- end }} spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }} accessModes: - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" . }} resources: requests: storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} {{- end -}} diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml index 93b5539cfc..2e6f1fde54 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml +++ b/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml @@ -108,10 +108,18 @@ spec: - key: elasticsearch.yml path: elasticsearch.yml - name: {{ include "common.fullname" . }}-data + {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} - name: {{ include "common.fullname" . }}-logs - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPathLogs }} + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-logs + {{- else }} + emptyDir: {} + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv.yaml b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-data.yaml index 31230a9ed7..7c6cfe543d 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv.yaml +++ b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-data.yaml @@ -1,4 +1,21 @@ +{{/* +# Copyright © 2019 Amdocs, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} kind: PersistentVolume apiVersion: v1 metadata: @@ -16,6 +33,8 @@ spec: accessModes: - {{ .Values.persistence.accessMode }} persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" hostPath: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} {{- end -}} +{{- end -}} diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml new file mode 100644 index 0000000000..a4cccd2af7 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2019 Amdocs, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-logs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-logs +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-logs" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPathLogs }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml new file mode 100644 index 0000000000..b536d7b58d --- /dev/null +++ b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end -}} diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml new file mode 100644 index 0000000000..ec8e75be99 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml @@ -0,0 +1,44 @@ +{{/* +# Copyright © 2019 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-logs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-logs +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} +{{- if eq "True" (include "common.needPV" .) }} + storageClassName: "{{ include "common.fullname" . }}-logs" +{{- else }} + storageClassName: {{ include "common.storageClass" . }} +{{- end }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end -}} diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc.yaml b/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc.yaml deleted file mode 100644 index c046f4604a..0000000000 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }} - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties index 2d600ce41a..cd5c62e96b 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties @@ -5,7 +5,7 @@ trustStorePath=/auth/tomcat_keystore #trustStorePassword intentionally left blank trustStorePassword.x= keyStorePath=/auth/client-cert-onap.p12 -keyStorePassword.x=dfcfd1003bdde18de8efea3c8661510e +keyStorePassword.x=OBF: keyManagerFactoryAlgorithm=SunX509 keyStoreType=PKCS12 securityProtocol=TLS diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties index f15f46dd11..7d335aed50 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties @@ -18,5 +18,5 @@ poa-audit-result.name=POA-AUDIT-RESULT poa-audit-result.host=message-router:3904 poa-audit-result.publisher.partition=1 poa-audit-result.username= -poa-audit-result.password= +poa-audit-result.password=OBF: poa-audit-result.transport.type=HTTPAUTH diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties index 79aa5398ae..15c60afcc4 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties @@ -17,7 +17,7 @@ poa-rule-validation.name=POA-RULE-VALIDATION poa-rule-validation.host=message-router:3904 poa-rule-validation.username= -poa-rule-validation.password= +poa-rule-validation.password=OBF: poa-rule-validation.consumer.group=poa-validator-test poa-rule-validation.consumer.id=test poa-rule-validation.transport.type=HTTPAUTH |