diff options
16 files changed, 350 insertions, 15 deletions
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index 5510b3a3a0..edac066f6f 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -84,6 +84,126 @@ mariadb-galera: serviceAccount: nameOverride: *dbServer + mariadbConfiguration: |- + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + plugin_dir=/opt/bitnami/mariadb/plugin + + [mysqld] + lower_case_table_names = 1 + default_storage_engine=InnoDB + basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data + plugin_dir=/opt/bitnami/mariadb/plugin + tmpdir=/opt/bitnami/mariadb/tmp + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid + bind_address=0.0.0.0 + + ## Character set + collation_server=utf8_unicode_ci + init_connect='SET NAMES utf8' + character_set_server=utf8 + + ## MyISAM + key_buffer_size=32M + myisam_recover_options=FORCE,BACKUP + + ## Safety + skip_host_cache + skip_name_resolve + max_allowed_packet=16M + max_connect_errors=1000000 + sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY + sysdate_is_now=1 + + ## Binary Logging + log_bin=mysql-bin + expire_logs_days=14 + # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql + sync_binlog=0 + # Required for Galera + binlog_format=row + + ## Caches and Limits + tmp_table_size=32M + max_heap_table_size=32M + # Re-enabling as now works with Maria 10.1.2 + query_cache_type=1 + query_cache_limit=4M + query_cache_size=256M + max_connections=500 + thread_cache_size=50 + open_files_limit=65535 + table_definition_cache=4096 + table_open_cache=4096 + + ## InnoDB + innodb=FORCE + innodb_strict_mode=1 + # Mandatory per https://github.com/codership/documentation/issues/25 + innodb_autoinc_lock_mode=2 + # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ + innodb_doublewrite=1 + innodb_flush_method=O_DIRECT + innodb_log_files_in_group=2 + innodb_log_file_size=128M + innodb_flush_log_at_trx_commit=1 + innodb_file_per_table=1 + # 80% Memory is default reco. + # Need to re-evaluate when DB size grows + innodb_buffer_pool_size=2G + innodb_file_format=Barracuda + + ## Logging + log_error=/opt/bitnami/mariadb/logs/mysqld.log + slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log + log_queries_not_using_indexes=1 + slow_query_log=1 + + ## SSL + ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem + # ssl_ca=/certs/ca.pem + # ssl_cert=/certs/server-cert.pem + # ssl_key=/certs/server-key.pem + + [galera] + wsrep_on=ON + wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so + wsrep_sst_method=mariabackup + wsrep_slave_threads=4 + wsrep_cluster_address=gcomm:// + wsrep_cluster_name=galera + wsrep_sst_auth="root:" + # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit + innodb_flush_log_at_trx_commit=2 + # MYISAM REPLICATION SUPPORT # + wsrep_replicate_myisam=ON + + [mariadb] + plugin_load_add=auth_pam + + ## Data-at-Rest Encryption + ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem + # plugin_load_add=file_key_management + # file_key_management_filename=/encryption/keyfile.enc + # file_key_management_filekey=FILE:/encryption/keyfile.key + # file_key_management_encryption_algorithm=AES_CTR + # encrypt_binlog=ON + # encrypt_tmp_files=ON + + ## InnoDB/XtraDB Encryption + # innodb_encrypt_tables=ON + # innodb_encrypt_temporary_tables=ON + # innodb_encrypt_log=ON + # innodb_encryption_threads=4 + # innodb_encryption_rotate_key_age=1 + + ## Aria Encryption + # aria_encrypt_tables=ON + # encrypt_tmp_disk_tables=ON + cds-blueprints-processor: enabled: true config: diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index c03be83264..80b4cbc77b 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -17,6 +17,56 @@ # ============LICENSE_END========================================================= */}} {{/* +For internal use only! + +dcaegen2-services-common._ms-specific-env-vars: +This template generates a list of microservice-specific environment variables +as specified in .Values.applicationEnv. The +dcaegen2-services-common.microServiceDeployment uses this template +to add the microservice-specific environment variables to the microservice's container. +These environment variables are in addition to a standard set of environment variables +provided to all microservices. + +The template expects a single argument, pointing to the caller's global context. + +Microservice-specific environment variables can be specified in two ways: + 1. As literal string values. + 2. As values that are sourced from a secret, identified by the secret's + uid and the key within the secret that provides the value. + +The following example shows an example of each type. The example assumes +that a secret has been created using the OOM common secret mechanism, with +a secret uid "example-secret" and a key called "password". + +applicationEnv: + APPLICATION_PASSWORD: + secretUid: example-secret + key: password + APPLICATION_EXAMPLE: "An example value" + +The example would set two environment variables on the microservice's container, +one called "APPLICATION_PASSWORD" with the value set from the "password" key in +the secret with uid "example-secret", and one called "APPLICATION_EXAMPLE" set to +the the literal string "An example value". +*/}} +{{- define "dcaegen2-services-common._ms-specific-env-vars" -}} + {{- $global := . }} + {{- if .Values.applicationEnv }} + {{- range $envName, $envValue := .Values.applicationEnv }} + {{- if kindIs "string" $envValue }} +- name: {{ $envName }} + value: {{ $envValue | quote }} + {{- else }} + {{ if or (not $envValue.secretUid) (not $envValue.key) }} + {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }} + {{- end }} +- name: {{ $envName }} + {{- include "common.secret.envFromSecretFast" (dict "global" $global "uid" $envValue.secretUid "key" $envValue.key) | indent 2 }} + {{- end -}} + {{- end }} + {{- end }} +{{- end -}} +{{/* dcaegen2-services-common.microserviceDeployment: This template produces a Kubernetes Deployment for a DCAE microservice. @@ -150,12 +200,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - {{- if .Values.applicationEnv }} - {{- range $envName, $envValue := .Values.applicationEnv }} - - name: {{ $envName }} - value: {{ $envValue | quote }} - {{- end }} - {{- end }} + {{- include "dcaegen2-services-common._ms-specific-env-vars" . | nindent 8 }} {{- if .Values.service }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{- end }} @@ -180,8 +225,9 @@ spec: {{- end }} {{- end }} resources: {{ include "common.resources" . | nindent 2 }} - {{- if or $logDir $certDir }} volumeMounts: + - mountPath: /app-config + name: app-config {{- if $logDir }} - mountPath: {{ $logDir}} name: component-log @@ -190,7 +236,6 @@ spec: - mountPath: {{ $certDir }} name: tls-info {{- end }} - {{- end }} {{- if $logDir }} - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml b/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml new file mode 100644 index 0000000000..5af3bf737b --- /dev/null +++ b/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml @@ -0,0 +1,20 @@ +# ===========LICENSE_START======================================================== +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Service Design and Creation Helm Validator +name: sdc-helm-validator +version: 8.0.0 diff --git a/kubernetes/sdc/components/sdc-helm-validator/requirements.yaml b/kubernetes/sdc/components/sdc-helm-validator/requirements.yaml new file mode 100644 index 0000000000..8e1160ad44 --- /dev/null +++ b/kubernetes/sdc/components/sdc-helm-validator/requirements.yaml @@ -0,0 +1,23 @@ +# ===========LICENSE_START======================================================== +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' + - name: common + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml new file mode 100644 index 0000000000..08228ad99c --- /dev/null +++ b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml @@ -0,0 +1,44 @@ +{{/* +# ===========LICENSE_START======================================================== +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: 1 + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + env: + - name: LOG_LEVEL + value: {{ .Values.config.loggingLevel }} + livenessProbe: + httpGet: + path: {{ .Values.liveness.path }} + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml new file mode 100644 index 0000000000..a5837afc84 --- /dev/null +++ b/kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml @@ -0,0 +1,19 @@ +{{/* +# ===========LICENSE_START======================================================== +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml new file mode 100644 index 0000000000..9c0d90649f --- /dev/null +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -0,0 +1,58 @@ +# ===========LICENSE_START======================================================== +# Copyright (c) 2021 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Global values +global: + pullPolicy: Always + +image: onap/org.onap.sdc.sdc-helm-validator:1.2.0 +containerPort: &svc_port 8080 + +config: + loggingLevel: INFO + +service: + type: ClusterIP + ports: + - name: &port http + port: *svc_port + +liveness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /actuator/health + port: *port + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 256Mi + requests: + cpu: 1 + memory: 256Mi + large: + limits: + cpu: 2 + memory: 1Gi + requests: + cpu: 1 + memory: 256Mi + unlimited: {} diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 7ed88c50cc..2f2cb6c373 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml @@ -34,3 +34,7 @@ dependencies: version: ~8.x-0 repository: 'file://components/sdc-wfd-fe' condition: sdc-wfd.enabled + - name: sdc-helm-validator + version: ~8.x-0 + repository: 'file://components/sdc-helm-validator' + condition: sdc-helm-validator.enabled diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index fef7dab310..b7476a584e 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -63,3 +63,5 @@ cassandra: # dependency / sub-chart configuration sdc-wfd: enabled: true +sdc-helm-validator: + enabled: true diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index c7ec266f7c..3e59cbfd74 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/bpmn-infra:1.8.1 +image: onap/so/bpmn-infra:1.8.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index c83172dc24..6308e9f8de 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -61,7 +61,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/catalog-db-adapter:1.8.1 +image: onap/so/catalog-db-adapter:1.8.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 0ecb925802..29fc50b2b2 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -57,7 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.8.1 +image: onap/so/openstack-adapter:1.8.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index 8cf78749de..c117a7434a 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -57,7 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/request-db-adapter:1.8.1 +image: onap/so/request-db-adapter:1.8.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 36770ad22e..b1d7173a62 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -57,7 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdc-controller:1.8.1 +image: onap/so/sdc-controller:1.8.2 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index c8e2abc4b3..9a67ef8220 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -72,7 +72,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/sdnc-adapter:1.8.1 +image: onap/so/sdnc-adapter:1.8.2 pullPolicy: Always org: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 1358795cec..ba98c344ac 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -162,7 +162,7 @@ dbCreds: userName: so_user adminName: so_admin -image: onap/so/api-handler-infra:1.8.1 +image: onap/so/api-handler-infra:1.8.2 server: aaf: |