aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/common/common/templates/_secret.tpl (renamed from kubernetes/common/common/templates/_secret.yaml)209
-rw-r--r--kubernetes/common/common/templates/_serviceMesh.tpl2
-rw-r--r--kubernetes/common/dgbuilder/templates/configmap.yaml2
-rw-r--r--kubernetes/common/dgbuilder/templates/deployment.yaml22
-rw-r--r--kubernetes/common/dgbuilder/templates/secrets.yaml4
-rw-r--r--kubernetes/common/dgbuilder/templates/service.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml4
-rw-r--r--kubernetes/common/mariadb-galera/templates/configmap.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/pv.yaml1
-rw-r--r--kubernetes/common/mariadb-galera/templates/secrets.yaml5
-rw-r--r--kubernetes/common/mariadb-galera/templates/service.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml8
-rw-r--r--kubernetes/common/network-name-gen/templates/deployment.yaml6
-rw-r--r--kubernetes/common/network-name-gen/templates/secrets.yaml4
-rw-r--r--kubernetes/common/network-name-gen/templates/service.yaml3
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl16
-rw-r--r--kubernetes/common/postgres/templates/secrets.yaml2
-rw-r--r--kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml14
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml6
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml2
-rw-r--r--kubernetes/portal/charts/portal-app/templates/service.yaml12
m---------kubernetes/robot0
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml8
-rw-r--r--kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml2
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml8
-rw-r--r--kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml2
-rw-r--r--kubernetes/so/charts/so-mariadb/templates/job.yaml6
-rw-r--r--kubernetes/so/charts/so-mariadb/templates/secrets.yaml2
-rw-r--r--kubernetes/so/charts/so-monitoring/templates/deployment.yaml22
-rw-r--r--kubernetes/so/charts/so-monitoring/templates/secret.yaml15
-rw-r--r--kubernetes/so/charts/so-monitoring/values.yaml27
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml20
-rw-r--r--kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml15
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/values.yaml25
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml20
-rw-r--r--kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml15
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/values.yaml25
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml20
-rw-r--r--kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml15
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/values.yaml25
43 files changed, 479 insertions, 131 deletions
diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.tpl
index 9f41906c9e..a89ab6dfc7 100644
--- a/kubernetes/common/common/templates/_secret.yaml
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -78,6 +78,38 @@ type: Opaque
{{- end }}
{{- end -}}
+{{/*
+ For internal use only!
+
+ Pick a value based on "user input" and generation policy.
+
+ The template takes below arguments:
+ - .global: environment (.)
+ - .secretName: name of the secret where the value will be placed
+ - .secretEnv: map of values which configures this secret. This can contain below keys:
+ - value: Value of secret key provided by user (can be a template inside a string)
+ - policy: What to do if value is missing or empty. Possible options are:
+ - generate: Generate a new password deriving it from master password
+ - required: Fail the deployment if value has not been provided
+ Defaults to generate.
+ - name: Name of the key to which this value should be assigned
+*/}}
+{{- define "common.secret._valueFast" -}}
+ {{- $global := .global }}
+ {{- $name := .secretName }}
+ {{- $secretEnv := .secretEnv }}
+ {{- $value := $secretEnv.value }}
+ {{- $policy := default "generate" $secretEnv.policy }}
+
+ {{- if $value }}
+ {{- $value | quote }}
+ {{- else if eq $policy "generate" }}
+ {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }}
+ {{- else }}
+ {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }}
+ {{- end }}
+{{- end -}}
+
{{/*
Generate a secret name based on provided name or UID.
@@ -100,6 +132,14 @@ type: Opaque
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
+{{- define "common.secret.genNameFast" -}}
+ {{- $global := .global }}
+ {{- $uid := (default "" .uid) }}
+ {{- $name := (default "" .name) }}
+ {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- default (printf "%s-%s" $fullname $uid) $name }}
+{{- end -}}
+
{{/*
Get the real secret name by UID or name, based on the configuration provided by user.
User may decide to not create a new secret but reuse existing one for this deployment
@@ -122,8 +162,8 @@ type: Opaque
{{- $uid := tpl (default "" .uid) $global }}
{{- $targetName := default (include "common.secret.genName" (dict "global" $global "uid" $uid "name" .name)) $name}}
{{- range $secret := $global.Values.secrets }}
- {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currUID := tpl (default "" $secret.uid) $global }}
+ {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currName := default (include "common.secret.genName" (dict "global" $global "uid" $currUID "name" $secret.name)) $givenName }}
{{- if or (eq $uid $currUID) (eq $currName $targetName) }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
@@ -132,6 +172,37 @@ type: Opaque
{{- end }}
{{- end -}}
+{{- define "common.secret.getSecretNameFast" -}}
+ {{- $global := .global }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- $secretsCache := $global.Values._secretsCache }}
+ {{- $uid := tpl .uid $global }}
+ {{- $secret := index $secretsCache $uid }}
+ {{- $secret.realName }}
+{{- end -}}
+
+{{- define "common.secret.buildCache" -}}
+ {{- $global := . }}
+ {{- if not $global.Values._secretsCache }}
+ {{- $secretCache := dict }}
+ {{- range $secret := .Values.secrets }}
+ {{- $entry := dict }}
+ {{- $uid := tpl (default "" $secret.uid) $global }}
+ {{- $keys := keys $secret }}
+ {{- range $key := (without $keys "annotations" )}}
+ {{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
+ {{- end }}
+ {{- if $secret.annotations }}
+ {{- $_ := set $entry "annotations" $secret.annotations }}
+ {{- end }}
+ {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
+ {{- $_ := set $entry "realName" $realName }}
+ {{- $_ := set $secretCache $uid $entry }}
+ {{- end }}
+ {{- $_ := set $global.Values "_secretsCache" $secretCache }}
+ {{- end }}
+{{- end -}}
+
{{/*
Convenience template which can be used to easily set the value of environment variable
to the value of a key in a secret.
@@ -159,6 +230,14 @@ valueFrom:
key: {{ $key }}
{{- end -}}
+{{- define "common.secret.envFromSecretFast" -}}
+ {{- $key := .key }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secret.getSecretNameFast" . }}
+ key: {{ $key }}
+{{- end -}}
+
{{/*
Define secrets to be used by chart.
Every secret has a type which is one of:
@@ -285,3 +364,131 @@ stringData:
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Define secrets to be used by chart.
+ Every secret has a type which is one of:
+ - generic:
+ Generic secret template that allows to input some raw data (from files).
+ File Input can be passed as list of files (filePaths) or as a single string
+ (filePath)
+ - genericKV:
+ Type of secret which allows you to define a list of key value pairs.
+ The list is assiged to envs value. Every item may define below items:
+ - name:
+ Identifier of this value within secret
+ - value:
+ String that defines a value associated with given key.
+ This can be a simple string or a template.
+ - policy:
+ Defines what to do if value is not provided by the user.
+ Available options are:
+ - generate:
+ Generate a value by derriving it from master password
+ - required:
+ Fail the deployment
+ - password:
+ Type of secret that holds only the password.
+ Only two items can be defined for this type:
+ - password:
+ Equivalent of value field from genericKV
+ - policy:
+ The same meaning as for genericKV policy field
+ - basicAuth:
+ Type of secret that holds both username and password.
+ Below fields are available:
+ - login:
+ The value for login key.
+ This can be a simple string or a template.
+ Providing a value for login is always required.
+ - password:
+ The value for password key.
+ This can be a simple string or a template.
+ - passwordPolicy:
+ The same meaning as the policy field in genericKV.
+ Only the policy for password can be set.
+
+ Every secret can be identified using:
+ - uid:
+ A string to be appended to the chart fullname to generate a secret name.
+ - name:
+ Overrides default secret name generation and allows to set immutable
+ and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
+
+ To allow sharing a secret between the components and allow to pre-deploy secrets
+ before ONAP deployment it is possible to use already existing secret instead of
+ creating a new one. For this purpose externalSecret field can be used. If value of
+ this field is evaluated to true no new secret is created, only the name of the
+ secret is aliased to the external one.
+
+ Example usage:
+ secrets.yaml:
+ {{ include "common.secretFast" . }}
+
+ values.yaml:
+ mysqlLogin: "root"
+
+ mysqlExternalSecret: "some-other-secret-name"
+
+ secrets:
+ - uid: "mysql"
+ externalSecret: '{{ tpl .Values.passExternalSecret . }}'
+ type: basicAuth
+ login: '{{ .Values.mysqlLogin }}'
+ mysqlPassword: '{{ .Values.mysqlPassword }}'
+ passwordPolicy: generate
+
+ In the above example new secret is not going to be created.
+ Already existing one (some-other-secret-name) is going to be used.
+ To force creating a new one, just make sure that mysqlExternalSecret
+ is not set.
+
+*/}}
+{{- define "common.secretFast" -}}
+ {{- $global := . }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- range $secret := .Values._secretsCache }}
+ {{- $uid := $secret.uid }}
+ {{- $externalSecret := $secret.externalSecret }}
+ {{- if not $externalSecret }}
+ {{- $name := $secret.realName }}
+ {{- $annotations := default "" $secret.annotations }}
+ {{- $type := default "generic" $secret.type }}
+---
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
+
+ {{- if eq $type "generic" }}
+data:
+ {{- range $curFilePath := $secret.filePaths }}
+ {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- if $secret.filePath }}
+ {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- else if eq $type "genericKV" }}
+stringData:
+ {{- if $secret.envs }}
+ {{- range $secretEnv := $secret.envs }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ {{ $secretEnv.name }}: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- else if eq $type "password" }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+stringData:
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- else if eq $type "basicAuth" }}
+stringData:
+ {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ login: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index 6b6a26fc45..4457762754 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -1,4 +1,4 @@
-{/*
+{{/*
# Copyright © 2020 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml
index 828818c68d..05699e6107 100644
--- a/kubernetes/common/dgbuilder/templates/configmap.yaml
+++ b/kubernetes/common/dgbuilder/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index b3f0ab05a3..e1fac77a97 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
@@ -38,25 +40,25 @@ spec:
- "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: HTTP_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
- name: HTTP_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
- name: HTTP_ADMIN_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
- name: HTTP_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
- name: HTTP_NODE_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
- name: HTTP_NODE_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
- name: REST_CONF_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
- name: REST_CONF_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: config-input
diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml
index c9a409fdca..4b4849980c 100644
--- a/kubernetes/common/dgbuilder/templates/secrets.yaml
+++ b/kubernetes/common/dgbuilder/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
#
@@ -12,5 +13,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/dgbuilder/templates/service.yaml b/kubernetes/common/dgbuilder/templates/service.yaml
index 7a8f752a2d..bfe8b0aeb5 100644
--- a/kubernetes/common/dgbuilder/templates/service.yaml
+++ b/kubernetes/common/dgbuilder/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index c9e2ffe85c..29d96748a3 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -86,7 +86,7 @@ spec:
echo "Backup Successful!!!"
env:
- name: DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
volumeMounts:
- name: backup-dir
mountPath: /backup
@@ -96,7 +96,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
command:
- /bin/bash
- -c
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index f143c3b679..e7bb701930 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.externalConfig }}
apiVersion: v1
diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml
index 6e53a9543d..579b3475d1 100644
--- a/kubernetes/common/mariadb-galera/templates/pv.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pv.yaml
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
{{- if eq "True" (include "common.needPV" .) -}}
diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml
index 3f8eb0b6de..27c9a3aaee 100644
--- a/kubernetes/common/mariadb-galera/templates/secrets.yaml
+++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
@@ -12,4 +13,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml
index 71d1b0fe80..69d8999f67 100644
--- a/kubernetes/common/mariadb-galera/templates/service.yaml
+++ b/kubernetes/common/mariadb-galera/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index a6260fae54..7157e3390b 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1beta1
kind: StatefulSet
@@ -61,13 +63,13 @@ spec:
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
- name: MYSQL_DATABASE
value: {{ default "" .Values.config.mysqlDatabase | quote }}
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index a6d18e7a59..3e9e849052 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
@@ -61,9 +63,9 @@ spec:
- name: SPRING_PROFILE
value: "{{ .Values.config.springProfile }}"
- name: NENG_DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- name: NENG_DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
diff --git a/kubernetes/common/network-name-gen/templates/secrets.yaml b/kubernetes/common/network-name-gen/templates/secrets.yaml
index d5bdce3e04..61b83d7a9b 100644
--- a/kubernetes/common/network-name-gen/templates/secrets.yaml
+++ b/kubernetes/common/network-name-gen/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright (c) 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
data:
diff --git a/kubernetes/common/network-name-gen/templates/service.yaml b/kubernetes/common/network-name-gen/templates/service.yaml
index a4c5b05012..753448c5b7 100644
--- a/kubernetes/common/network-name-gen/templates/service.yaml
+++ b/kubernetes/common/network-name-gen/templates/service.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
apiVersion: v1
kind: Service
metadata:
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 361e64847e..e3ac66933f 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -49,15 +49,15 @@ spec:
- name: PG_PRIMARY_USER
value: primaryuser
- name: PG_PRIMARY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input/setup.sql
name: config
@@ -116,15 +116,15 @@ spec:
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- name: PG_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- name: config
mountPath: /pgconf/pool_hba.conf
diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml
index 4c68015528..c4cde05216 100644
--- a/kubernetes/common/postgres/templates/secrets.yaml
+++ b/kubernetes/common/postgres/templates/secrets.yaml
@@ -13,4 +13,4 @@
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml
index af0f59b768..19f514f55d 100644
--- a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml
+++ b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml
@@ -11,7 +11,7 @@ metadata:
kind: ConfigMap
apiVersion: v1
data:
- enable-underscores-in-headers: "on"
+ enable-underscores-in-headers: "true"
metadata:
name: nginx-configuration
namespace: ingress-nginx
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 872d01d6ae..a4200c3fd1 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -109,7 +109,7 @@ mongo:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -119,9 +119,9 @@ componentImages:
holmes_engine: onap/holmes/engine-management:1.2.6
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 9d38659f61..fd7069450e 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -44,7 +44,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
pullPolicy: Always
# probe configuration parameters
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
index 0043e8a95d..8b885895e0 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
@@ -49,7 +49,19 @@ spec:
{{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
- name: DASHBOARD_PASSWORD
{{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
- - name: ONAPDUBLIN_TOPICURL
+ - name: ONAP_TOPICURL
value: {{ .Values.config.mrTopicURL }}
+ - name: ONAP_IMPORT_CLOUDIFYPLUGIN
+ value: {{ .Values.config.importCloudify }}
+ - name: ONAP_IMPORT_K8SPLUGIN
+ value: {{ .Values.config.importK8S }}
+ - name: ONAP_IMPORT_POLICYPLUGIN
+ value: {{ .Values.config.importPolicy }}
+ - name: ONAP_INPORT_POSTGRESPLUGIN
+ value: {{ .Values.config.importPostgres }}
+ - name: ONAP_IMPORT_CLAMPPLUGIN
+ value: {{ .Values.config.importClamp }}
+ - name: ONAP_IMPORT_DMAAPPLUGIN
+ value: {{ .Values.config.importDMaaP }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index f21b7f9cb5..592def272f 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -34,6 +34,12 @@ config:
dashboardUser: nobody
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
+ importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
+ importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
+ importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
+ importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
+ importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
+ importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
secrets:
- uid: "dashsecret"
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
index 3f2d39e0d1..c7ecb07452 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
@@ -21,7 +21,7 @@
---
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
kind: PersistentVolume
apiVersion: v1
diff --git a/kubernetes/portal/charts/portal-app/templates/service.yaml b/kubernetes/portal/charts/portal-app/templates/service.yaml
index 1d78c14888..dd207ea0e6 100644
--- a/kubernetes/portal/charts/portal-app/templates/service.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/service.yaml
@@ -37,18 +37,6 @@ spec:
type: {{ .Values.service.type }}
ports:
{{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName }}3
- port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject 7a19b2ef27679a176d279345693c46c99aa1371
+Subproject ac2783f70a211de9642de744a0a1d3c3dbe920c
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
index 40b19871da..6a74c0bd24 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
@@ -66,13 +66,13 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml
index dee311c336..bd7eb8ea40 100644
--- a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
index 63a10b0d83..d8b50adf7c 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
@@ -66,13 +66,13 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml
index dee311c336..bd7eb8ea40 100644
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml
index c3002093eb..31868bd8af 100644
--- a/kubernetes/so/charts/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml
@@ -43,11 +43,11 @@ spec:
- name: DB_HOST
value: {{ .Values.global.migration.dbHost }}
- name: DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
- name: DB_PORT
value: "{{ .Values.global.migration.dbPort }}"
- name: DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
command:
- /bin/bash
- -c
@@ -135,7 +135,7 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
index 746fe61ccc..7c7d4f9fe5 100644
--- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
+++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml
@@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
index 9afcddde36..93b0efb801 100644
--- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
@@ -65,25 +65,13 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -119,5 +107,3 @@ spec:
name: {{ include "common.fullname" . }}-app-configmap
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-
diff --git a/kubernetes/so/charts/so-monitoring/templates/secret.yaml b/kubernetes/so/charts/so-monitoring/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-monitoring/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml
index ae3f385c83..d3904234e2 100644
--- a/kubernetes/so/charts/so-monitoring/values.yaml
+++ b/kubernetes/so/charts/so-monitoring/values.yaml
@@ -29,12 +29,37 @@ global:
mountPath: /dockerdata-nfs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
image: onap/so/so-monitoring:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 9091
@@ -91,4 +116,4 @@ ingress:
ssl: "none"
nodeSelector: {}
tolerations: []
-affinity: {} \ No newline at end of file
+affinity: {}
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
index c0ac078039..ca6be72273 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
@@ -66,25 +66,13 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml
index 8dc7e830d2..13556c6ee4 100755
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml
@@ -24,12 +24,37 @@ global:
mountPath: /dockerdata-nfs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
image: onap/so/openstack-adapter:1.5.3
pullPolicy: Always
repository: nexus3.onap.org:10001
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8087
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
index 91e9be6376..d8b50adf7c 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
@@ -66,25 +66,13 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml
index 58e6412847..f15b7c27c6 100755
--- a/kubernetes/so/charts/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml
@@ -24,12 +24,37 @@ global:
mountPath: /dockerdata-nfs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
image: onap/so/request-db-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8083
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
index 44040c2c43..ce0bc0704a 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
@@ -66,25 +66,13 @@ spec:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml
index b15a67ffe8..028f2b51b5 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml
@@ -24,12 +24,37 @@ global:
mountPath: /dockerdata-nfs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
image: onap/so/vfc-adapter:1.5.3
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8084