diff options
47 files changed, 1655 insertions, 19 deletions
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 941c2f84df..eb782b4fd8 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -22,6 +22,8 @@ COMMON_CHARTS_DIR := common EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER != helm version --template "{{.Version}}" + .PHONY: $(EXCLUDES) $(HELM_CHARTS) all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) @@ -41,7 +43,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 76a224ab5f..a0d998cd07 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" . }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 0b91076f82..8934d41c33 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.headlessService" . }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 96139ce988..2bcafd9ade 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl index bfa96daf64..bfd0999e16 100644 --- a/kubernetes/common/common/templates/_createPassword.tpl +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -32,6 +32,9 @@ {{ else if eq "testRelease" (include "common.release" .) }} {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}} {{- printf "testRelease" -}} + {{ else if eq "test-release" .Release.Name }} + {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- printf "testRelease" -}} {{ else }} {{ fail "masterPassword not provided" }} {{ end }} diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml index 0cd8cfbd36..4392308e38 100644 --- a/kubernetes/common/dgbuilder/templates/ingress.yaml +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml index 9e826ae311..583c2d7429 100644 --- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{- range $kind, $enabled := .Values.hooks }} {{- if $enabled }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml index dc2a430922..2af57aae77 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml index ea769d1291..b9e2c05d1a 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{ $role := "curator" -}} {{ $suffix := $role -}} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml index 6fe032d818..628cdd1d73 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.psp.create }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml index 0d189f448b..f124a44c85 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml index b112468dc3..f10b14231f 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml index 0bd4ae0999..a1732cfedc 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml index 2ac3880886..4a8ef08946 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index aeb14a1b61..98d533d4e2 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "data" -}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml index 05a3af37f2..323b9fc318 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index 626747f075..6744f75f26 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml index 8d66ef082e..ca94e242a4 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "master" -}} {{ $labels := (dict "role" $role) -}} {{ $matchLabels := (dict "role" $role) }} -{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index fdbe82f855..6e745bd560 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 38234da0cf..7138e4e094 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.config }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 8ec38626e6..cf9ef73e52 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment {{ $role := "coordinating-only" -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml index 610c7d68c1..d7fd447846 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "coordinating-only" -}} {{ $labels := (dict "role" $role) -}} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml index fa79c29eca..9750be7b80 100644 --- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml index 359e8975e1..b8cd0686c4 100644 --- a/kubernetes/common/elasticsearch/templates/secrets.yaml +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics # @@ -12,4 +13,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml index 49ad504da6..a9b54882f1 100644 --- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index ed1344d4c1..ac5b7b975d 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 4268dd6d2c..04fc93af00 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index fcab51cb59..c45648f757 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 0144ec1907..d021d60b8d 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 7de0a9182b..cccb118787 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "mariadbInit._updateSecrets" . -}} diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index 2db326f163..a9d9e0b704 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "mariadbInit._updateSecrets" . -}} diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index fbdac61a9e..5ae944a568 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -26,17 +26,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Chart.Name }} - topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} selector: @@ -133,5 +122,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 4023f343df..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml index 81c3c2049d..63b5ab0974 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -77,7 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 12 }} +{{ include "common.resources" . | indent 12 }} env: - name: SPRING_OPTS value: "{{ .Values.springOpts }}" diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml index 5d5f5bb397..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml index ca774c9b5b..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 456aa32bc0..9ce9b88644 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -30,7 +30,6 @@ metadata: heritage: {{ $dot.Release.Service }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - serviceName: {{ $dot.Values.service.name }} replicas: 1 selector: matchLabels: diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 26ba390040..e8bfd1194a 100644 --- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml new file mode 100644 index 0000000000..e163aed82a --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml @@ -0,0 +1,595 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>46.0</float> + </void> + <void method="put"> + <string>type</string> + <int>1</int> + </void> + <void method="put"> + <string>certversion</string> + <string>X509v3</string> + </void> + <void method="put"> + <string>encodedvalidity</string> + <string>2y</string> + </void> + <void method="put"> + <string>usecertificatevalidityoffset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatevalidityoffset</string> + <string>-10m</string> + </void> + <void method="put"> + <string>useexpirationrestrictionforweekdays</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>expirationrestrictionforweekdaysbefore</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>expirationrestrictionweekdays</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowvalidityoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowextensionoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverridebyeei</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowbackdatedrevokation</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatestorage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storecertificatedata</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storesubjectaltname</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usebasicconstrants</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>basicconstraintscritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usesubjectkeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectkeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthoritykeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>authoritykeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectalternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectalternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useissueralternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>issueralternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultcrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointuri</string> + <string></string> + </void> + <void method="put"> + <string>usefreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecadefinedfreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>freshestcrluri</string> + <string></string> + </void> + <void method="put"> + <string>crlissuer</string> + <string></string> + </void> + <void method="put"> + <string>usecertificatepolicies</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepoliciescritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepolicies</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablekeyalgorithms</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>DSA</string> + </void> + <void method="add"> + <string>ECDSA</string> + </void> + <void method="add"> + <string>RSA</string> + </void> + </object> + </void> + <void method="put"> + <string>availableeccurves</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>ANY_EC_CURVE</string> + </void> + </object> + </void> + <void method="put"> + <string>availablebitlengths</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>192</int> + </void> + <void method="add"> + <int>224</int> + </void> + <void method="add"> + <int>239</int> + </void> + <void method="add"> + <int>256</int> + </void> + <void method="add"> + <int>384</int> + </void> + <void method="add"> + <int>512</int> + </void> + <void method="add"> + <int>521</int> + </void> + <void method="add"> + <int>1024</int> + </void> + <void method="add"> + <int>1536</int> + </void> + <void method="add"> + <int>2048</int> + </void> + <void method="add"> + <int>3072</int> + </void> + <void method="add"> + <int>4096</int> + </void> + <void method="add"> + <int>6144</int> + </void> + <void method="add"> + <int>8192</int> + </void> + </object> + </void> + <void method="put"> + <string>minimumavailablebitlength</string> + <int>0</int> + </void> + <void method="put"> + <string>maximumavailablebitlength</string> + <int>8192</int> + </void> + <void method="put"> + <string>signaturealgorithm</string> + <null/> + </void> + <void method="put"> + <string>usekeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>keyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowkeyusageoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>keyusagecritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>useextendedkeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>extendedkeyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>1.3.6.1.5.5.7.3.2</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.4</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.1</string> + </void> + </object> + </void> + <void method="put"> + <string>extendedkeyusagecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedocumenttypelist</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelistcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelist</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablecas</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>usedpublishers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>useocspnocheck</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useldapdnorder</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usecustomdnorder</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usemicrosofttemplate</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>microsofttemplate</string> + <string></string> + </void> + <void method="put"> + <string>usecardnumber</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecnpostfix</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>cnpostfix</string> + <string></string> + </void> + <void method="put"> + <string>usesubjectdnsubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectdnsubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usesubjectaltnamesubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectaltnamesubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usepathlengthconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>pathlengthconstraint</string> + <int>0</int> + </void> + <void method="put"> + <string>useqcstatement</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usepkixqcsyntaxv2</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementraname</string> + <string></string> + </void> + <void method="put"> + <string>useqcsematicsid</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiqccompliance</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsisignaturedevice</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsivaluelimit</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsivaluelimit</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitexp</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitcurrency</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiretentionperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsiretentionperiod</string> + <int>0</int> + </void> + <void method="put"> + <string>useqccustomstring</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qccustomstringoid</string> + <string></string> + </void> + <void method="put"> + <string>qccustomstringtext</string> + <string></string> + </void> + <void method="put"> + <string>qcetsipds</string> + <null/> + </void> + <void method="put"> + <string>qcetsitype</string> + <null/> + </void> + <void method="put"> + <string>usecertificatetransparencyincerts</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinocsp</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinpublisher</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectdirattributes</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usenameconstraints</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthorityinformationaccess</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>caissuers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usedefaultcaissuer</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultocspservicelocator</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>ocspservicelocatoruri</string> + <string></string> + </void> + <void method="put"> + <string>cvcaccessrights</string> + <int>3</int> + </void> + <void method="put"> + <string>usedcertificateextensions</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>approvals</string> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>REVOCATION</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>KEYRECOVER</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>ADDEDITENDENTITY</string> + </object> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotbefore</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotafter</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>privkeyusageperiodstartoffset</string> + <long>0</long> + </void> + <void method="put"> + <string>privkeyusageperiodlength</string> + <long>63072000</long> + </void> + <void method="put"> + <string>usesingleactivecertificateconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>overridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>nonoverridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>allowcertsnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecustomdnorderldap</string> + <boolean>false</boolean> + </void> + </object> +</java> diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index f1bd07e158..ad10240b94 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -12,6 +12,12 @@ configureEjbca() { ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK} ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth) + ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles + #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml) + ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER + #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml) + ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml new file mode 100644 index 0000000000..652acd5fa7 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml @@ -0,0 +1,936 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>14.0</float> + </void> + <void method="put"> + <string>NUMBERARRAY</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>3</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDNFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>500</int> + </void> + <void method="add"> + <int>1100</int> + </void> + <void method="add"> + <int>1200</int> + </void> + <void method="add"> + <int>1300</int> + </void> + <void method="add"> + <int>1400</int> + </void> + <void method="add"> + <int>1600</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTALTNAMEFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1800</int> + </void> + <void method="add"> + <int>1801</int> + </void> + <void method="add"> + <int>1802</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDIRATTRFIELDORDER</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <int>0</int> + <string></string> + </void> + <void method="put"> + <int>20000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>1</int> + <string></string> + </void> + <void method="put"> + <int>20001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>95</int> + <string></string> + </void> + <void method="put"> + <int>20095</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>96</int> + <string></string> + </void> + <void method="put"> + <int>20096</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>5</int> + <string></string> + </void> + <void method="put"> + <int>20005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>26</int> + <string></string> + </void> + <void method="put"> + <int>20026</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>29</int> + <string>1834889499</string> + </void> + <void method="put"> + <int>20029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30</int> + <string>1834889499</string> + </void> + <void method="put"> + <int>20030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>31</int> + <string>1</string> + </void> + <void method="put"> + <int>20031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>32</int> + <string>1;2;3;4</string> + </void> + <void method="put"> + <int>20032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>33</int> + <string></string> + </void> + <void method="put"> + <int>20033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>34</int> + <string></string> + </void> + <void method="put"> + <int>20034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10034</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>38</int> + <string>1</string> + </void> + <void method="put"> + <int>20038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>37</int> + <string>-477565695</string> + </void> + <void method="put"> + <int>20037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>98</int> + <string></string> + </void> + <void method="put"> + <int>20098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30098</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>99</int> + <string></string> + </void> + <void method="put"> + <int>20099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30099</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>97</int> + <string></string> + </void> + <void method="put"> + <int>20097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30097</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>91</int> + <string>false</string> + </void> + <void method="put"> + <int>20091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30091</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>94</int> + <string>-1</string> + </void> + <void method="put"> + <int>20094</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>93</int> + <string>-1</string> + </void> + <void method="put"> + <int>20093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>89</int> + <string></string> + </void> + <void method="put"> + <int>20089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30089</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>88</int> + <string></string> + </void> + <void method="put"> + <int>20088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30088</int> + <boolean>true</boolean> + </void> + <void method="put"> + <string>ALLOW_MERGEDN_WEBSERVICES</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>2</int> + <string></string> + </void> + <void method="put"> + <int>20002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10090</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>90</int> + <string>0</string> + </void> + <void method="put"> + <string>REVERSEFFIELDCHECKS</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>28</int> + <string>false</string> + </void> + <void method="put"> + <int>20028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>REUSECERTIFICATE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>35</int> + <string>false</string> + </void> + <void method="put"> + <int>20035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10092</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>USEEXTENSIONDATA</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGUSE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGDEFAULT</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGREQUIRED</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGCOPIES</string> + <int>1</int> + </void> + <void method="put"> + <string>PRINTINGPRINTERNAME</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGDATA</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGFILENAME</string> + <string></string> + </void> + <void method="put"> + <int>11</int> + <string></string> + </void> + <void method="put"> + <int>20011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>12</int> + <string></string> + </void> + <void method="put"> + <int>20012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>13</int> + <string></string> + </void> + <void method="put"> + <int>20013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>14</int> + <string></string> + </void> + <void method="put"> + <int>20014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>16</int> + <string></string> + </void> + <void method="put"> + <int>20016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>18</int> + <string></string> + </void> + <void method="put"> + <int>20018</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>118</int> + <string></string> + </void> + <void method="put"> + <int>20118</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>218</int> + <string></string> + </void> + <void method="put"> + <int>20218</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10218</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30218</int> + <boolean>true</boolean> + </void> + </object> +</java> diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml index d336bc9a94..d61af076a0 100644 --- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml +++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml @@ -18,3 +18,11 @@ metadata: name: "{{ include "common.fullname" . }}-config-script" data: {{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "common.fullname" . }}-profiles" +data: +{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index 1b1843476d..495b816bc5 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -51,6 +51,8 @@ spec: volumeMounts: - name: "{{ include "common.fullname" . }}-volume" mountPath: /opt/primekey/scripts/ + - name: "{{ include "common.fullname" . }}-profiles-volume" + mountPath: /opt/primekey/custom_profiles/ ports: {{ include "common.containerPorts" . | nindent 10 }} env: - name: INITIAL_ADMIN @@ -90,3 +92,7 @@ spec: name: "{{ include "common.fullname" . }}-config-script" defaultMode: 0755 name: "{{ include "common.fullname" . }}-volume" + - configMap: + name: "{{ include "common.fullname" . }}-profiles" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-profiles-volume" diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml index 2cdbba77c0..b9fa617d94 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml @@ -73,6 +73,23 @@ mongo: mountSubPath: multicloud-k8s/mongo/data enabled: true disableNfsProvisioner: true + flavor: &storage_flavor large + resources: &storage_resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} #etcd chart overrides for k8splugin etcd: @@ -82,6 +99,8 @@ etcd: persistence: mountSubPath: multicloud-k8s/etcd/data enabled: true + flavor: *storage_flavor + resources: *storage_resources # No persistence right now as we rely on Mongo to handle that persistence: diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index d075291db2..0ff561c800 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - artifactImage: onap/multicloud/framework-artifactbroker:1.5.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 prometheus: enabled: false persistence: {} @@ -30,7 +30,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/framework:1.5.1 +image: onap/multicloud/framework:1.6.0 pullPolicy: Always #Istio sidecar injection policy |