aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
m---------kubernetes/aai0
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml18
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml2
-rw-r--r--kubernetes/clamp/charts/clamp-dash-es/values.yaml2
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml2
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/values.yaml2
-rw-r--r--kubernetes/clamp/charts/clamp-dash-logstash/values.yaml2
-rw-r--r--kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql2
-rw-r--r--kubernetes/clamp/values.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml178
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/pv.yaml59
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/pvc.yaml81
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml17
-rw-r--r--kubernetes/modeling/charts/modeling-genericparser/values.yaml2
-rwxr-xr-xkubernetes/oof/charts/oof-has/values.yaml2
-rw-r--r--kubernetes/oof/values.yaml2
-rw-r--r--kubernetes/portal/charts/portal-cassandra/values.yaml2
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh312
-rw-r--r--kubernetes/portal/charts/portal-mariadb/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-be/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-cs/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-es/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml2
26 files changed, 527 insertions, 178 deletions
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject 3efe1df6fdba4af4e22849bec220c8daa4a68a4
+Subproject fde14dd1e9fec136f6ff9489dcb66ed8102ddb1
diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
index 996d218ada..26affe600c 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml
@@ -129,18 +129,26 @@ http.port: {{.Values.service.externalPort}}
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}
-
#xpack.graph.enabled: false
#Set to false to disable X-Pack graph features.
-
#xpack.ml.enabled: false
#Set to false to disable X-Pack machine learning features.
-
#xpack.monitoring.enabled: false
#Set to false to disable X-Pack monitoring features.
-#xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
#xpack.watcher.enabled: false
#Set to false to disable Watcher.
+
+#xpack.license.self_generated.type: basic
+#xpack.security.enabled: false
+
+## Search Guard
+#
+searchguard.enterprise_modules_enabled: false
+searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
+searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
+searchguard.ssl.transport.enforce_hostname_verification: false
+
+searchguard.authcz.admin_dn:
+ - "CN=kirk,OU=client,O=client,l=tEst,C=De"
diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
index d1504e0c04..5070f24ba3 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml
@@ -58,7 +58,7 @@ spec:
mountPath: /usr/share/elasticsearch/data/
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml
index 33ea865b38..2d67048844 100644
--- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml
@@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:4.1.0
+image: onap/clamp-dashboard-elasticsearch:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
index 2173039252..55df82b0f1 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml
@@ -128,7 +128,7 @@ server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
## Search Guard
#
-xpack.security.enabled: false
+#xpack.security.enabled: false
elasticsearch.username: {{.Values.config.elasticUSR}}
elasticsearch.password: {{.Values.config.elasticPWD}}
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
index 276ac5d32a..9777b7c0ae 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
@@ -34,7 +34,7 @@ busyboxImage: library/busybox:latest
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.1.0
+image: onap/clamp-dashboard-kibana:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
index e7ab68fc5b..7fd8641bad 100644
--- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml
@@ -30,7 +30,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.1.0
+image: onap/clamp-dashboard-logstash:4.1.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
index 5d6f14f5c6..9b12b1804c 100644
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
+++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
@@ -20,6 +20,7 @@
create table loop_logs (
id bigint not null,
+ log_component varchar(255) not null,
log_instant datetime(6) not null,
log_type varchar(255) not null,
message MEDIUMTEXT not null,
@@ -36,6 +37,7 @@
global_properties_json json,
last_computed_state varchar(255) not null,
model_properties_json json,
+ operational_policy_schema json,
svg_representation MEDIUMTEXT,
primary key (name)
) engine=InnoDB;
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 030460401f..21255d1c5b 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -30,7 +30,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp:4.1.0
+image: onap/clamp-backend:4.1.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
new file mode 100644
index 0000000000..7d3ec75c00
--- /dev/null
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -0,0 +1,178 @@
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ schedule: {{ .Values.backup.cron | quote }}
+ concurrencyPolicy: Forbid
+ startingDeadlineSeconds: 120
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ include "common.name" . }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: mariadb-galera-backup-init
+ image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ remove_dir(){
+ dirToRemove=$1
+ rm -rf $dirToRemove
+ echo "Failed" > /backup/backup.log
+ echo "Backup failed!!!"
+ }
+
+ target_dir=/backup/backup-`date +%s`
+ mkdir -p $target_dir
+
+ mysqlhost={{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}.{{ .Values.service.name }}
+
+ mariabackup --backup --target-dir=$target_dir --user=root --password=$DB_PASS --host=$mysqlhost
+
+ ret_code=$?
+ if [ $ret_code -ne 0 ]; then
+ remove_dir $target_dir
+ exit 0
+ fi
+
+ echo "Starting Backup Preparation!!!"
+ mariabackup --prepare --target-dir=$target_dir
+ ret_code=$?
+ if [ $ret_code -ne 0 ]; then
+ remove_dir $target_dir
+ exit 0
+ fi
+ echo "Success" > /backup/backup.log
+ echo "Backup Successful!!!"
+ env:
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
+ volumeMounts:
+ - name: backup-data
+ mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
+ containers:
+ - name: mariadb-backup-validate
+ image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
+ command:
+ - /bin/bash
+ - -c
+ - |
+ remove_dir(){
+ dirToRemove=$1
+ rm -rf $dirToRemove
+ echo "Validation Failed!!!";
+ }
+
+ backup_result=`cat /backup/backup.log`
+ rm -rf /backup/backup.log
+
+ if [ "$backup_result" == "Failed" ]; then
+ echo "Backup Failed!!! So Validation Failed!!!";
+ exit 0
+ fi
+
+ target_dir=$(ls -td -- /backup/backup-* | head -n 1)
+ cp -Ra $target_dir/* /var/lib/mysql/
+
+ if [ ! "$(ls -A /var/lib/mysql)" ]; then
+ remove_dir $target_dir
+ exit 0
+ fi
+
+ /docker-entrypoint.sh mysqld &
+
+ count=0
+ until mysql --user=root --password=$MYSQL_ROOT_PASSWORD -e "SELECT 1";
+ do sleep 3;
+ count=`expr $count + 1`;
+ if [ $count -ge 30 ]; then
+ remove_dir $target_dir
+ exit 0;
+ fi;
+ done
+
+ mysqlcheck -A --user=root --password=$MYSQL_ROOT_PASSWORD > /tmp/output.log
+ error_lines=`cat /tmp/output.log| grep -v "OK" | wc -l`
+
+ cat /tmp/output.log
+
+ if [ $error_lines -gt 1 ];then
+ remove_dir $target_dir
+ else
+ echo "Validation successful!!!"
+ cd /backup
+ totalFiles=`ls -t | grep "backup-" | wc -l`
+ if [ $totalFiles -gt {{ .Values.backup.retentionPeriod }} ]; then
+ filestoDelete=`expr $totalFiles - {{ .Values.backup.retentionPeriod }}`
+ ls -tr | grep backup | head -$filestoDelete | xargs rm -rf
+ fi
+ fi
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: backup-data
+ mountPath: /backup
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-db-data
+ - name: backup-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-backup
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/backup/pv.yaml b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml
new file mode 100644
index 0000000000..2972191563
--- /dev/null
+++ b/kubernetes/common/mariadb-galera/templates/backup/pv.yaml
@@ -0,0 +1,59 @@
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-backup
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.backup.mountPath | default .Values.persistence.backup.mountPath }}/{{ include "common.namespace" . }}/{{include "common.name" . }}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-db-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-db-data
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}{{ sub .Values.replicaCount 1 }}
+{{- end -}}
+{{- end -}}
+
diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
new file mode 100644
index 0000000000..a983c8af98
--- /dev/null
+++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
@@ -0,0 +1,81 @@
+{{/*
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.backup.enabled }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-backup
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-backup
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-db-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-db-data
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-db-data
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 6b1e186e8b..a662b1e04a 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -17,9 +17,16 @@
#################################################################
global:
nodePortPrefix: 302
- persistence: {}
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+
repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+
#################################################################
# Application configuration defaults.
@@ -28,6 +35,7 @@ global:
#repository: mysql
repository: nexus3.onap.org:10001
image: adfinissygroup/k8s-mariadb-galera-centos:v002
+backupImage: library/mariadb:10.1.38
imageInit: busybox
pullPolicy: IfNotPresent
@@ -82,6 +90,8 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: "mariadb-galera/data"
mysqlPath: /var/lib/mysql
+ backup:
+ mountPath: /dockerdata-nfs/backup
service:
internalPort: 3306
@@ -139,3 +149,8 @@ nameOverride: mariadb-galera
# DNS name for mariadb-galera cluster - should be unique accross all projects other clusters
#dnsnameOverride: mariadb-galera
+
+backup:
+ enabled: false
+ cron: "00 00 * * *"
+ retentionPeriod: 3
diff --git a/kubernetes/modeling/charts/modeling-genericparser/values.yaml b/kubernetes/modeling/charts/modeling-genericparser/values.yaml
index 37f4c427ba..467d7315b5 100644
--- a/kubernetes/modeling/charts/modeling-genericparser/values.yaml
+++ b/kubernetes/modeling/charts/modeling-genericparser/values.yaml
@@ -76,7 +76,7 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: modeling/genericparser
diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml
index e53c3422e9..0a003b68da 100755
--- a/kubernetes/oof/charts/oof-has/values.yaml
+++ b/kubernetes/oof/charts/oof-has/values.yaml
@@ -25,7 +25,7 @@ global:
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.1
+ optf_has: onap/optf-has:1.3.2
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index d72b1f0457..a9b2b2a9c5 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -26,7 +26,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.2
+image: onap/optf-osdf:1.3.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/portal/charts/portal-cassandra/values.yaml b/kubernetes/portal/charts/portal-cassandra/values.yaml
index c46ca4238c..e08f59b971 100644
--- a/kubernetes/portal/charts/portal-cassandra/values.yaml
+++ b/kubernetes/portal/charts/portal-cassandra/values.yaml
@@ -69,7 +69,7 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: portal/cassandra/data
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index f00bf8b71d..28fcee1551 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -4,18 +4,18 @@ shopt -s nullglob
# if command starts with an option, prepend mysqld
if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
+ set -- mysqld "$@"
fi
# skip setup if they want an option that stops mysqld
wantHelp=
for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ wantHelp=1
+ break
+ ;;
+ esac
done
# usage: file_env VAR [DEFAULT]
@@ -23,168 +23,174 @@ done
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- export "$var"="$val"
- unset "$fileVar"
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
}
_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
-
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
-
- $errors
- EOM
- exit 1
- fi
+ toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ cat >&2 <<-EOM
+ ERROR: mysqld failed while attempting to check config
+ command was: "${toRun[*]}"
+ $errors
+ EOM
+ exit 1
+ fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }'
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# allow the container to be started with `--user`
if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
- mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
+ _check_config "$@"
+ DATADIR="$(_get_config 'datadir' "$@")"
+ mkdir -p "$DATADIR"
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ exec gosu mysql "$BASH_SOURCE" "$@"
fi
if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
- # Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
-
- mkdir -p "$DATADIR"
-
- echo 'Initializing database'
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {60..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
-
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
-
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
- EOSQL
-
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
-
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
-
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
- fi
-
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
-
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
- fi
+ # still need to check config, container may have started with --user
+ _check_config "$@"
+ # Get config
+ DATADIR="$(_get_config 'datadir' "$@")"
+
+ if [ ! -d "$DATADIR/mysql" ]; then
+ file_env 'MYSQL_ROOT_PASSWORD'
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ echo >&2 'error: database is uninitialized and password option is not specified '
+ echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ exit 1
+ fi
+
+ mkdir -p "$DATADIR"
+
+ echo 'Initializing database'
+ installArgs=( --datadir="$DATADIR" --rpm )
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs+=( --auth-root-authentication-method=normal )
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db "${installArgs[@]}" "${@:2}"
+ echo 'Database initialized'
+
+ SOCKET="$(_get_config 'socket' "$@")"
+ "$@" --skip-networking --socket="${SOCKET}" &
+ pid="$!"
+
+ mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
+
+ for i in {60..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+ fi
+
+ if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+
+ rootCreate=
+ # default root to listen for connections from anywhere
+ file_env 'MYSQL_ROOT_HOST' '%'
+ if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+ EOSQL
+ fi
+
+ "${mysql[@]}" <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ FLUSH PRIVILEGES ;
+ EOSQL
+
+ if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+ fi
+
+ file_env 'MYSQL_DATABASE'
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+ fi
+
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+ fi
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ echo
+ echo 'MySQL init process done. Ready for start up.'
+ echo
+ fi
fi
exec "$@" \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml
index e00f0fcebb..8869b94467 100644
--- a/kubernetes/portal/charts/portal-mariadb/values.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml
@@ -111,7 +111,7 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: portal/mariadb/data
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index b20288072b..928252d334 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -36,7 +36,7 @@ pullPolicy: Always
debugEnabled: false
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx1536m -Xms1536m"
+ javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
# default number of instances
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml
index 49e5ac05f6..fdad3fe16a 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/values.yaml
@@ -85,7 +85,7 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
diff --git a/kubernetes/sdc/charts/sdc-es/values.yaml b/kubernetes/sdc/charts/sdc-es/values.yaml
index 4c0a6cc768..31386333fb 100644
--- a/kubernetes/sdc/charts/sdc-es/values.yaml
+++ b/kubernetes/sdc/charts/sdc-es/values.yaml
@@ -89,7 +89,7 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-es/ES
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index fba4c568f0..d3ea244368 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -32,7 +32,7 @@ image: onap/sdc-frontend:1.5.1
pullPolicy: Always
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=6000,server=y,suspend=n -Xmx256m -Xms256m"
+ javaOptions: "-Xmx256m -Xms256m"
plugins:
dcae_discovery_url: "http://sdc-dcae-fe:8183/dcaed/#/home"
dcae_source_url: "http://sdc.dcae.plugin.simpledemo.onap.org:30263/dcaed/#/home"
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index 32b8cdb18d..fac4dd0502 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -36,7 +36,7 @@ pullPolicy: Always
debugEnabled: false
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4001,server=y,suspend=n -Xmx1g -Xms1g"
+ javaOptions: "-Xmx1g -Xms1g"
cassandraSslEnabled: "false"
# default number of instances
@@ -85,7 +85,7 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
- accessMode: ReadWriteMany
+ accessMode: ReadWriteOnce
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 73eea4af7e..691963733f 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -39,7 +39,7 @@ initJob:
enabled: true
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
+ javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 639c811b08..09fe3291e0 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -35,7 +35,7 @@ pullPolicy: Always
debugEnabled: false
config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m"
+ javaOptions: "-Xmx256m -Xms256m"
backendServerURL: "http://sdc-wfd-be:8080"
isHttpsEnabled: true