diff options
1860 files changed, 19704 insertions, 15306 deletions
diff --git a/.gitignore b/.gitignore index fcf3cdd96f..11c7e801d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,15 @@ +# auto generated certificates +kubernetes/platform/components/oom-cert-service/resources/*.jks +kubernetes/platform/components/oom-cert-service/resources/*.p12 +kubernetes/platform/components/oom-cert-service/resources/*.crt + # Unit tests __snapshot__ # Application kubernetes/config/onap-parameters.yaml kubernetes/dist/* +kubernetes/common/dist/* requirements.lock **/charts/*.tgz *.orig diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml index 9846e3717e..cbb8f01d22 100644 --- a/docs/environments_onap_demo.yaml +++ b/docs/environments_onap_demo.yaml @@ -13,7 +13,7 @@ global: repository: nexus3.onap.org:10001 repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== # readiness check - readinessRepository: oomk8s + readinessImage: onap/oom/readiness:3.0.1 # logging agent loggingRepository: docker.elastic.co diff --git a/docs/hardcoded_certificates.csv b/docs/hardcoded_certificates.csv new file mode 100644 index 0000000000..762956febd --- /dev/null +++ b/docs/hardcoded_certificates.csv @@ -0,0 +1,32 @@ +Project,ONAP Certificate,Own Certificate,MSB Certificate,Path +AAF,No,Yes,No,aaf/charts/aaf-cert-service/resources/ +AAF,Yes,No,No,aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem +AAI,Yes,No,No,aai/oom/resources/config/haproxy/aai.pem +AAI,Yes,No,No,aai/oom/resources/config/aai/aai_keystore +AAI/SEARCH-DATA,Yes,No,No,aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore +AAI/SPARKY-BE,Yes,No,No,aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 +AAI/BABEL,No,Yes,No,aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore +AAI/MODEL-LOADER,Yes,Yes,No,aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore +APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.keyfile +APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.p12 +certInitializer,Yes,No,No,kubernetes/common/certInitializer/resources +MSB,Yes,No?,Yes,kubernetes/msb/resources/config/certificates +MUSIC,Yes,No?,No?,kubernetes/common/music/charts/music/resources/keys/ +SDC,Yes,No?,No?,kubernetes/sdc/resources/cert +SO,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/BPMN,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/Catalog,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/Monitoring,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/OpenStack,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/RequestDb,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/SDC,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/SDNC,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/VE/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/VFC,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates +SO/VNFM,No,Yes?,Yes,kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks +VID,No,Yes,No,kubernetes/vid/resources/cert +OOF/OOF-CMSO,Yes,No,No,kubernetes/oof/charts/oof-cmso/resources/certs +OOF/OOF-HAS,Yes,No,No,kubernetes/oof/charts/oof-has/resources/config +OOF/OOF-OSDF,Yes,No,No,kubernetes/oof/resources/config +CLI,No,Yes,No,kubernetes/cli/resources/certificates diff --git a/docs/index.rst b/docs/index.rst index c933a726fb..c3902ecae0 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,6 +1,7 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018 Amdocs, Bell Canada +.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung .. _master_index: diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index 2c6eb9a5f8..9a34036727 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -1,7 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 .. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2019 Amdocs, Bell Canada +.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung .. _oom_cloud_setup_guide: .. Links @@ -92,9 +92,9 @@ Cloud Installation .. - IBM, and .. - `Openstack`_. .. -.. #. Alternatively, OOM can be deployed on a private set of physical hosts or VMs -.. (or even a combination of the two). The following guides describe how to -.. create a Kubernetes cluster with popular tools: +.. #. Alternatively, OOM can be deployed on a private set of physical hosts or +.. VMs (or even a combination of the two). The following guides describe how +.. to create a Kubernetes cluster with popular tools: .. .. - `Setting up Kubernetes with Rancher`_ (recommended) .. - `Setting up Kubernetes with Kubeadm`_ @@ -104,4 +104,5 @@ OOM can be deployed on a private set of physical hosts or VMs (or even a combination of the two). The following guide describe the recommended method to setup a Kubernetes cluster: :ref:`onap-on-kubernetes-with-rancher`. -There are alternative deployment methods described on the `Cloud Native Deployment Wiki`_ +There are alternative deployment methods described on the +`Cloud Native Deployment Wiki`_ diff --git a/docs/oom_developer_guide.rst b/docs/oom_developer_guide.rst index 3cced83f62..fccf453925 100644 --- a/docs/oom_developer_guide.rst +++ b/docs/oom_developer_guide.rst @@ -1,6 +1,7 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018 Amdocs, Bell Canada +.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung .. Links .. _Helm: https://docs.helm.sh/ @@ -164,7 +165,8 @@ components and in themselves can be quite complex. You can use either `charts` or `components` folder for your subcomponents. `charts` folder means that the subcomponent will always been deployed. -`components` folders means we can choose if we want to deploy the sub component. +`components` folders means we can choose if we want to deploy the +subcomponent. This choice is done in root `values.yaml`: @@ -451,10 +453,10 @@ It would render the following Service Resource (for a component named app.kubernetes.io/instance: my-deployment-name-of-my-component type: NodePort -In the deployment or statefulSet file, you needs to set the good labels in order -for the service to match the pods. +In the deployment or statefulSet file, you needs to set the good labels in +order for the service to match the pods. -here's an example to be sure it matchs (for a statefulSet): +here's an example to be sure it matches (for a statefulSet): .. code-block:: yaml @@ -637,7 +639,7 @@ SO deployment specification excerpt: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - so-mariadb @@ -1010,7 +1012,7 @@ MSB service discovery. The following is a brief description of how this integration will be done: A registrator to push the service endpoint info to MSB service -discovery. +discovery. - The needed service endpoint info is put into the kubernetes yaml file as annotation, including service name, Protocol,version, visual diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index d853244283..9f6aa1ff0e 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -1,9 +1,10 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada, 2020 Nokia Solutions and Networks .. Links -.. _hardcoded-certiticates-label: +.. _hardcoded-certificates-label: ONAP Hardcoded certificates ########################### @@ -11,68 +12,5 @@ ONAP Hardcoded certificates ONAP current installation have hardcoded certificates. Here's the list of these certificates: - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path | - +==================+==================+==================+=================+==========================================================================+ - | AAF | No | Yes | No | aaf/charts/aaf-cert-service/resources/ | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAF | Yes | No | No | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | VID | No | Yes | No | kubernetes/vid/resources/cert | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ - | CLI | No | Yes | No | kubernetes/cli/resources/certificates | - +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+ +.. csv-table:: + :file: hardcoded_certificates.csv diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst index 034d0a48c9..f1587b4eeb 100644 --- a/docs/oom_project_description.rst +++ b/docs/oom_project_description.rst @@ -1,6 +1,7 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018 Amdocs, Bell Canada +.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung .. _oom_project_description: ONAP Operations Manager Project @@ -23,23 +24,28 @@ In summary OOM provides the following capabilities: - **Deploy** - with built-in component dependency management - **Configure** - unified configuration across all ONAP components -- **Monitor** - real-time health monitoring feeding to a Consul UI and Kubernetes +- **Monitor** - real-time health monitoring feeding to a Consul UI and + Kubernetes - **Heal**- failed ONAP containers are recreated automatically - **Scale** - cluster ONAP services to enable seamless scaling -- **Upgrade** - change-out containers or configuration with little or no service impact +- **Upgrade** - change-out containers or configuration with little or no + service impact - **Delete** - cleanup individual containers or entire deployments OOM supports a wide variety of Kubernetes private clouds - built with Rancher, -Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft Azure, -Amazon AWS, Google GCD, VMware VIO, and Openstack. +Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft +Azure, Amazon AWS, Google GCD, VMware VIO, and OpenStack. -The OOM documentation is broken into four different areas each targeted at a different user: +The OOM documentation is broken into four different areas each targeted at a +different user: - :ref:`quick-start-label` - deploy ONAP on an existing cloud - :ref:`user-guide-label` - a guide for operators of an ONAP instance - :ref:`developer-guide-label` - a guide for developers of OOM and ONAP -- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use -- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation +- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud + environments that ONAP will use +- :ref:`hardcoded-certificates-label` - the list of all hardcoded certificates + set in ONAP installation The :ref:`release_notes` for OOM describe the incremental features per release. diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 78af191872..5c0d5127bd 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -1,7 +1,7 @@ .. This work is licensed under a .. Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2019 Amdocs, Bell Canada +.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung .. _oom_quickstart_guide: .. _quick-start-label: @@ -11,7 +11,7 @@ OOM Quick Start Guide .. figure:: oomLogoV2-medium.png :align: right -Once a kubernetes environment is available (follow the instructions in +Once a Kubernetes environment is available (follow the instructions in :ref:`cloud-setup-guide-label` if you don't have a cloud environment available), follow the following instructions to deploy ONAP. @@ -20,7 +20,7 @@ available), follow the following instructions to deploy ONAP. > git clone -b <BRANCH> http://gerrit.onap.org/r/oom --recurse-submodules > cd oom/kubernetes -where <BRANCH> can be an offical release tag, such as +where <BRANCH> can be an official release tag, such as * 4.0.0-ONAP for Dublin * 5.0.1-ONAP for El Alto @@ -31,9 +31,9 @@ where <BRANCH> can be an offical release tag, such as > sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm -**Step 3.** Customize the helm charts like `oom/kubernetes/onap/values.yaml` or an override -file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment -with items like the OpenStack tenant information. +**Step 3.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or +an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file +to suit your deployment with items like the OpenStack tenant information. .. note:: Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in @@ -44,15 +44,15 @@ with items like the OpenStack tenant information. the ``enabled: true/false`` flags. - b. Encrypt the OpenStack password using the shell tool for robot and put it in - the robot helm charts or robot section of `openstack.yaml` + b. Encrypt the OpenStack password using the shell tool for Robot and put it in + the Robot Helm charts or Robot section of `openstack.yaml` - c. Encrypt the OpenStack password using the java based script for SO helm charts + c. Encrypt the OpenStack password using the java based script for SO Helm charts or SO section of `openstack.yaml`. - d. Update the OpenStack parameters that will be used by robot, SO and APPC helm + d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm charts or use an override file to replace them. e. Add in the command line a value for the global master password (global.masterPassword). @@ -68,11 +68,11 @@ We have different values file available for different contexts. b. Generating ROBOT Encrypted Password: -The ROBOT encrypted Password uses the same encryption.key as SO but an +The Robot encrypted Password uses the same encryption.key as SO but an openssl algorithm that works with the python based Robot Framework. .. note:: - To generate ROBOT ``openStackEncryptedPasswordHere``:: + To generate Robot ``openStackEncryptedPasswordHere``:: cd so/resources/config/mso/ /oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p`` @@ -80,7 +80,7 @@ openssl algorithm that works with the python based Robot Framework. c. Generating SO Encrypted Password: The SO Encrypted Password uses a java based encryption utility since the Java encryption library is not easy to integrate with openssl/python that -ROBOT uses in Dublin and upper versions. +Robot uses in Dublin and upper versions. .. note:: To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword`` @@ -101,32 +101,33 @@ ROBOT uses in Dublin and upper versions. d. Update the OpenStack parameters: -There are assumptions in the demonstration VNF heat templates about the networking -available in the environment. To get the most value out of these templates and the -automation that can help confirm the setup is correct, please observe the following -constraints. +There are assumptions in the demonstration VNF Heat templates about the +networking available in the environment. To get the most value out of these +templates and the automation that can help confirm the setup is correct, please +observe the following constraints. ``openStackPublicNetId:`` - This network should allow heat templates to add interfaces. - This need not be an external network, floating IPs can be assigned to the ports on - the VMs that are created by the heat template but its important that neutron allow - ports to be created on them. + This network should allow Heat templates to add interfaces. + This need not be an external network, floating IPs can be assigned to the + ports on the VMs that are created by the heat template but its important that + neutron allow ports to be created on them. ``openStackPrivateNetCidr: "10.0.0.0/16"`` - This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity. - The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the - demonstration ip addressing plan embodied in the preload template prevent conflicts when - instantiating the various VNFs. If you need to change this, you will need to modify the preload - data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data - in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect - to create. + This ip address block is used to assign OA&M addresses on VNFs to allow ONAP + connectivity. The demonstration Heat templates assume that 10.0 prefix can be + used by the VNFs and the demonstration ip addressing plan embodied in the + preload template prevent conflicts when instantiating the various VNFs. If + you need to change this, you will need to modify the preload data in the + Robot Helm chart like integration_preload_parameters.py and the + demo/heat/preload_data in the Robot container. The size of the CIDR should + be sufficient for ONAP and the VMs you expect to create. ``openStackOamNetworkCidrPrefix: "10.0"`` - This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the - robot scripts for demonstration. A production deployment need not worry about this - setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. - + This ip prefix mush match the openStackPrivateNetCidr and is a helper + variable to some of the Robot scripts for demonstration. A production + deployment need not worry about this setting but for the demonstration VNFs + the ip asssignment strategy assumes 10.0 ip prefix. Example Keystone v2.0 @@ -156,7 +157,11 @@ follows:: **Step 6.** Build a local Helm repository (from the kubernetes directory):: - > make SKIP_LINT=TRUE all; make SKIP_LINT=TRUE onap + > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all ; make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] onap + +`HELM_BIN` + Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have + multiple version of helm in operating system and choose which one to use. **Step 7.** Display the onap charts that available to be deployed:: @@ -165,7 +170,9 @@ follows:: .. literalinclude:: helm-search.txt .. note:: - The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use ``make`` to update your local Helm repository. + The setup of the Helm repository is a one time activity. If you make changes + to your deployment charts or values be sure to use ``make`` to update your + local Helm repository. **Step 8.** Once the repo is setup, installation of ONAP can be done with a single command @@ -189,26 +196,35 @@ To deploy all ONAP applications use this command:: > cd oom/kubernetes > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 -All override files may be customized (or replaced by other overrides) as per needs. +All override files may be customized (or replaced by other overrides) as per +needs. `onap-all.yaml` - Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file. + Enables the modules in the ONAP deployment. As ONAP is very modular, it is + possible to customize ONAP and disable some components through this + configuration file. `onap-all-ingress-nginx-vhost.yaml` - Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer. - Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature. + Alternative version of the `onap-all.yaml` but with global ingress controller + enabled. It requires the cluster configured with the nginx ingress controller + and load balancer. Please use this file instead `onap-all.yaml` if you want + to use experimental ingress controller feature. `environment.yaml` Includes configuration values specific to the deployment environment. - Example: adapt readiness and liveness timers to the level of performance of your infrastructure + Example: adapt readiness and liveness timers to the level of performance of + your infrastructure `openstack.yaml` - Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests. + Includes all the OpenStack related information for the default target tenant + you want to use to deploy VNFs from ONAP and/or additional parameters for the + embedded tests. **Step 9.** Verify ONAP installation -Use the following to monitor your deployment and determine when ONAP is ready for use:: +Use the following to monitor your deployment and determine when ONAP is ready +for use:: > kubectl get pods -n onap -o=wide @@ -219,7 +235,8 @@ Use the following to monitor your deployment and determine when ONAP is ready fo > ~/oom/kubernetes/robot/ete-k8s.sh onap health -**Step 10.** Undeploy ONAP:: +**Step 10.** Undeploy ONAP +:: > helm undeploy dev --purge diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst index a4abc2b390..c15171c7be 100644 --- a/docs/oom_setup_ingress_controller.rst +++ b/docs/oom_setup_ingress_controller.rst @@ -1,4 +1,5 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2020, Samsung Electronics @@ -20,9 +21,10 @@ Ingress controller setup on HA Kubernetes Cluster ################################################# -This guide provides instruction how to setup experimental ingress controller feature. -For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE) -to deploy and manage our Kubernetes Cluster and ingress controller +This guide provides instruction how to setup experimental ingress controller +feature. For this, we are hosting our cluster on OpenStack VMs and using the +Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and +ingress controller .. contents:: :depth: 1 @@ -33,127 +35,148 @@ The result at the end of this tutorial will be: #. Customization of the cluster.yaml file for ingress controller support -#. Installation and configuration test DNS server for ingress host resolution on testing machines +#. Installation and configuration test DNS server for ingress host resolution + on testing machines -#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service +#. Installation and configuration MLB (Metal Load Balancer) required for + exposing ingress service -#. Instalation and configuration NGINX ingress controller +#. Installation and configuration NGINX ingress controller -#. Additional info howto deploy onap with services exposed via Ingress controller +#. Additional info how to deploy ONAP with services exposed via Ingress + controller Customize cluster.yml file -=========================== -Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing: +========================== +Before setup cluster for ingress purposes DNS cluster IP and ingress provider +should be configured and following: .. code-block:: yaml - <...> - restore: - restore: false - snapshot_name: "" - ingress: - provider: none - dns: - provider: coredns - upstreamnameservers: - - <custer_dns_ip>:31555 - -Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node. - -For external load balacer purposes minimum one of the worker node should be configured with external IP -address accessible outside the cluster. It can be done using the following example node configuration: + + --- + <...> + restore: + restore: false + snapshot_name: "" + ingress: + provider: none + dns: + provider: coredns + upstreamnameservers: + - <custer_dns_ip>:31555 + +Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE +node. + +For external load balancer purposes, minimum one of the worker node should be +configured with external IP address accessible outside the cluster. It can be +done using the following example node configuration: .. code-block:: yaml - <...> - - address: <external_ip> - internal_address: <internal_ip> - port: "22" - role: - - worker - hostname_override: "onap-worker-0" - user: ubuntu - ssh_key_path: "~/.ssh/id_rsa" - <...> -Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required + --- + <...> + - address: <external_ip> + internal_address: <internal_ip> + port: "22" + role: + - worker + hostname_override: "onap-worker-0" + user: ubuntu + ssh_key_path: "~/.ssh/id_rsa" + <...> +Where the <external_ip> is external worker node IP address, and <internal_ip> +is internal node IP address if it is required. -DNS server configuration and instalation -======================== -DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it -resolves all subdomain related to the onap cluster to the load balancer IP. -Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. -Adding many entries into the configuration files on testing machines is quite problematic and error prone. -The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. +DNS server configuration and installation +========================================= +DNS server deployed on the Kubernetes cluster makes it easy to use services +exposed through ingress controller because it resolves all subdomain related to +the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot +of entries on the target machines in the /etc/hosts. Adding many entries into +the configuration files on testing machines is quite problematic and error +prone. The better wait is to create central DNS server with entries for all +virtual host pointed to simpledemo.onap.org and add custom DNS server as a +target DNS server for testing machines and/or as external DNS for Kubernetes +cluster. -DNS server has automatic instalation and configuration script, so instalation is quite easy:: +DNS server has automatic installation and configuration script, so installation +is quite easy:: - > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing + > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing - > ./deploy\_dns.sh + > ./deploy\_dns.sh After DNS deploy you need to setup DNS entry on the target testing machine. Because DNS listen on non standard port configuration require iptables rules -on the target machine. Please follow the configuation proposed by the deploy scripts +on the target machine. Please follow the configuration proposed by the deploy +scripts. Example output depends on the IP address and example output looks like bellow:: - - DNS server already deployed: - 1. You can add the DNS server to the target machine using following commands: - sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 - sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 - sudo sysctl -w net.ipv4.conf.all.route_localnet=1 - sudo sysctl -w net.ipv4.ip_forward=1 - 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine + DNS server already deployed: + 1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555 + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 + 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine -MetalLB Load Balancer instalation and configuration +MetalLB Load Balancer installation and configuration ==================================================== -By default pure Kubernetes cluster requires external load balancer if we want to expose -external port using LoadBalancer settings. For this purpose MetalLB can be used. -Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster. +By default pure Kubernetes cluster requires external load balancer if we want +to expose external port using LoadBalancer settings. For this purpose MetalLB +can be used. Before installing the MetalLB you need to ensure that at least one +worker has assigned IP accessible outside the cluster. -MetalLB Load balanancer can be easily installed using automatic install script:: +MetalLB Load balancer can be easily installed using automatic install script:: - > cd kubernetes/contrib/metallb-loadbalancer-inst + > cd kubernetes/contrib/metallb-loadbalancer-inst - > ./install-metallb-on-cluster.sh + > ./install-metallb-on-cluster.sh -Configuration NGINX ingress controller +Configuration Ngninx ingress controller ======================================= -After installation DNS server and ingress controller we can install and configure ingress controller. +After installation DNS server and ingress controller we can install and +configure ingress controller. It can be done using the following commands:: - > cd kubernetes/contrib/ingress-nginx-post-inst + > cd kubernetes/contrib/ingress-nginx-post-inst - > kubectl apply -f nginx_ingress_cluster_config.yaml + > kubectl apply -f nginx_ingress_cluster_config.yaml - > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml + > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml -After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service -with external IP address:: +After deploy NGINX ingress controller you can ensure that the ingress port is +exposed as load balancer service with external IP address:: - > kubectl get svc -n ingress-nginx - NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE - default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h - ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h + > kubectl get svc -n ingress-nginx + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h + ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h ONAP with ingress exposed services -===================================== -If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script:: - > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +================================== +If you want to deploy onap with services exposed through ingress controller you +can use full onap deploy script:: + + > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml Ingress also can be enabled on any onap setup override using following code: .. code-block:: yaml - <...> - #ingress virtualhost based configuration - global: - <...> - ingress: - enabled: true + + --- + <...> + #ingress virtualhost based configuration + global: + <...> + ingress: + enabled: true diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst index de6324e585..eea46c0e51 100644 --- a/docs/oom_setup_kubernetes_rancher.rst +++ b/docs/oom_setup_kubernetes_rancher.rst @@ -1,6 +1,7 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018 Amdocs, Bell Canada +.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung .. Links .. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements @@ -19,9 +20,9 @@ ONAP on HA Kubernetes Cluster ############################# -This guide provides instructions on how to setup a Highly-Available Kubernetes Cluster. -For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE) -to deploy and manage our Kubernetes Cluster. +This guide provides instructions on how to setup a Highly-Available Kubernetes +Cluster. For this, we are hosting our cluster on OpenStack VMs and using the +Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster. .. contents:: :depth: 1 @@ -40,12 +41,14 @@ The result at the end of this tutorial will be: #. Installation and configuration of kubectl -#. Installation and configuration of helm +#. Installation and configuration of Helm #. Creation of an NFS Server to be used by ONAP as shared persistance -There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs. -To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab. +There are many ways one can execute the above steps. Including automation +through the use of HEAT to setup the OpenStack VMs. To better illustrate the +steps involved, we have captured the manual creation of such an environment +using the ONAP Wind River Open Lab. Create Key Pair =============== @@ -57,10 +60,12 @@ Use an existing key pair, import one or create a new one to assign. .. image:: images/keys/key_pair_1.png .. Note:: - If you're creating a new Key Pair, ensure to create a local copy of the Private Key through the use of "Copy Private Key to Clipboard". + If you're creating a new Key Pair, ensure to create a local copy of the + Private Key through the use of "Copy Private Key to Clipboard". For the purpose of this guide, we will assume a new local key called "onap-key" -has been downloaded and is copied into **~/.ssh/**, from which it can be referenced. +has been downloaded and is copied into **~/.ssh/**, from which it can be +referenced. Example:: @@ -175,16 +180,17 @@ Launch Instance Create Kubernetes Worker VMs ============================ The following instructions describe how to create OpenStack VMs to host the -Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on these nodes. +Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on +these nodes. Launch new VM instances ----------------------- -The number and size of Worker VMs is depenedent on the size of the ONAP deployment. -By default, all ONAP applications are deployed. It's possible to customize the deployment -and enable a subset of the ONAP applications. For the purpose of this guide, however, -we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP -application workload. +The number and size of Worker VMs is dependent on the size of the ONAP +deployment. By default, all ONAP applications are deployed. It's possible to +customize the deployment and enable a subset of the ONAP applications. For the +purpose of this guide, however, we will deploy 12 Kubernetes Workers that have +been sized to handle the entire ONAP application workload. .. image:: images/wk_vms/worker_1.png @@ -223,8 +229,8 @@ Assign the key pair that was created/selected previously (e.g. onap_key). Apply customization script for Kubernetes VM(s) ----------------------------------------------- -Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to download the -script. +Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to +download the script. .. literalinclude:: openstack-k8s-workernode.sh :language: bash @@ -347,8 +353,8 @@ Download and install kubectl. Binaries can be found here for Linux and Mac: https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl -You only need to install kubectl where you'll launch kubernetes command. This -can be any machines of the kubernetes cluster or a machine that has IP access +You only need to install kubectl where you'll launch Kubernetes command. This +can be any machines of the Kubernetes cluster or a machine that has IP access to the APIs. Usually, we use the first controller as it has also access to internal Kubernetes services, which can be convenient. @@ -460,8 +466,8 @@ Assign the key pair that was created/selected previously (e.g. onap_key). Apply customization script for NFS Server VM -------------------------------------------- -Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the -script. +Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download +the script. .. literalinclude:: openstack-nfs-server.sh :language: bash @@ -516,7 +522,7 @@ the NFS Master node as input, e.g.:: ONAP Deployment via OOM ======================= -Now that kubernetes and Helm are installed and configured you can prepare to +Now that Kubernetes and Helm are installed and configured you can prepare to deploy ONAP. Follow the instructions in the README.md_ or look at the official documentation to get started: diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 847795dc17..74f24dab62 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -1,6 +1,7 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018 Amdocs, Bell Canada +.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung .. _oom_user_guide: .. Links @@ -36,7 +37,8 @@ The following sections describe the life-cycle operations: - Monitor_ - real-time health monitoring feeding to a Consul UI and Kubernetes - Heal_- failed ONAP containers are recreated automatically - Scale_ - cluster ONAP services to enable seamless scaling -- Upgrade_ - change-out containers or configuration with little or no service impact +- Upgrade_ - change-out containers or configuration with little or no service + impact - Delete_ - cleanup individual containers or entire deployments .. figure:: oomLogoV2-Deploy.png @@ -137,7 +139,11 @@ To get a list of all of the available Helm chart repositories:: Then build your local Helm repository:: - > make SKIP_LINT=TRUE all + > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all + +`HELM_BIN` + Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have + multiple version of helm in operating system and choose which one to use. The Helm search command reads through all of the repositories configured on the system, and looks for matches:: @@ -365,19 +371,19 @@ Accessing the ONAP Portal using OOM and a Kubernetes Cluster ------------------------------------------------------------ The ONAP deployment created by OOM operates in a private IP network that isn't -publicly accessible (i.e. Openstack VMs with private internal network) which +publicly accessible (i.e. OpenStack VMs with private internal network) which blocks access to the ONAP Portal. To enable direct access to this Portal from a user's own environment (a laptop etc.) the portal application's port 8989 is exposed through a `Kubernetes LoadBalancer`_ object. Typically, to be able to access the Kubernetes nodes publicly a public address -is assigned. In Openstack this is a floating IP address. +is assigned. In OpenStack this is a floating IP address. When the `portal-app` chart is deployed a Kubernetes service is created that instantiates a load balancer. The LB chooses the private interface of one of the nodes as in the example below (10.0.0.4 is private to the K8s cluster only). Then to be able to access the portal on port 8989 from outside the K8s & -Openstack environment, the user needs to assign/get the floating IP address that +OpenStack environment, the user needs to assign/get the floating IP address that corresponds to the private IP as follows:: > kubectl -n onap get services|grep "portal-app" @@ -386,7 +392,7 @@ corresponds to the private IP as follows:: In this example, use the 10.0.0.4 private address as a key find the corresponding public address which in this example is 10.12.6.155. If you're -using OpenStack you'll do the lookup with the horizon GUI or the Openstack CLI +using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI for your tenant (openstack server list). That IP is then used in your `/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown below:: @@ -451,8 +457,8 @@ Monitor All highly available systems include at least one facility to monitor the health of components within the system. Such health monitors are often used as -inputs to distributed coordination systems (such as etcd, zookeeper, or consul) -and monitoring systems (such as nagios or zabbix). OOM provides two mechanisms +inputs to distributed coordination systems (such as etcd, Zookeeper, or Consul) +and monitoring systems (such as Nagios or Zabbix). OOM provides two mechanisms to monitor the real-time health of an ONAP deployment: - a Consul GUI for a human operator or downstream monitoring systems and @@ -609,7 +615,7 @@ Kubernetes and replaced with a new container with the new environment value. To upgrade a component to a new version with a new configuration file enter:: - > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml + > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml To fetch release history enter:: diff --git a/docs/release-notes-dublin.rst b/docs/release-notes-dublin.rst index 6201f56350..e948af5ebb 100644 --- a/docs/release-notes-dublin.rst +++ b/docs/release-notes-dublin.rst @@ -26,10 +26,12 @@ Summary **Platform Resiliency** * Documenation of a Highly-Available Kubernetes Cluster Deployment -* Availability of a Default Storage Class Provisioner for improved Persistent Storage resiliency +* Availability of a Default Storage Class Provisioner for improved Persistent + Storage resiliency * Availability of a CNI reference integration for Multi-site support - * applications can take advantage of multi-site by using POD and/or Node (anti)affinity, taints/tolerations, labels per application + * applications can take advantage of multi-site by using POD and/or Node + (anti)affinity, taints/tolerations, labels per application **Footprint Optimization** diff --git a/docs/release-notes-elalto.rst b/docs/release-notes-elalto.rst index f23751d0ed..435889ef32 100644 --- a/docs/release-notes-elalto.rst +++ b/docs/release-notes-elalto.rst @@ -24,7 +24,8 @@ Version 5.0.1 (El Alto Release) Summary ------- -The focus of this release was on maintanence and as such no new features were delivered. +The focus of this release was on maintanence and as such no new features were +delivered. A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726 **New Features** diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 5570d4d722..382b49961d 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -133,7 +133,7 @@ Workarounds version 2.2.2 in global part of override file if the new check is needed. - `OOM-2421 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to undeploy/redeploy NBI. -- `OOM-2422 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to create +- `OOM-2422 <https://jira.onap.org/browse/OOM-2422>`_ Workaround is to create first portal app service with service type Cluster IP then changing it to NodePort or LoadBalancer so all the port are available. diff --git a/kubernetes/Makefile b/kubernetes/Makefile index b25381fd81..08b028afe1 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -19,9 +19,15 @@ ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +HELM_BIN := helm +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") +# use this if you would like to push onap charts to repo with other name +# WARNING: Helm v3+ only +# WARNING: Make sure to edit also requirements files +HELM_REPO := local ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := helm lint + HELM_LINT_CMD := $(HELM_BIN) lint else HELM_LINT_CMD := echo "Skipping linting of" endif @@ -30,9 +36,9 @@ SUBMODS := robot aai EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS) HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART) -.PHONY: $(EXCLUDES) $(HELM_CHARTS) +.PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images -all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins +all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins $(COMMON_CHARTS): @echo "\n[$@]" @@ -58,15 +64,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) +endif clean: @rm -f */requirements.lock @@ -75,19 +85,30 @@ clean: # publish helm plugins via distrubtion directory plugins: - @cp -R helm $(PACKAGE_DIR)/ + @cp -R $(HELM_BIN) $(PACKAGE_DIR)/ # start up a local helm repo to serve up helm chart packages +# WARNING: Only helm < v3 supported repo: @mkdir -p $(PACKAGE_DIR) - @helm serve --repo-path $(PACKAGE_DIR) & + @$(HELM_BIN) serve --repo-path $(PACKAGE_DIR) & @sleep 3 - @helm repo index $(PACKAGE_DIR) - @helm repo add local http://127.0.0.1:8879 + @$(HELM_BIN) repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo add local http://127.0.0.1:8879 # stop local helm repo +# WARNING: Only helm < v3 supported repo-stop: - @pkill helm - @helm repo remove local + @pkill $(HELM_BIN) + @$(HELM_BIN) repo remove local + +check-for-staging-images: + $(ROOT_DIR)/contrib/tools/check-for-staging-images.sh + +helm-repo-update: +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @$(HELM_BIN) repo update +endif + %: @: diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/a1policymanagement/.helmignore index 50af031725..50af031725 100644 --- a/kubernetes/aaf/components/aaf-cert-service/.helmignore +++ b/kubernetes/a1policymanagement/.helmignore diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml new file mode 100644 index 0000000000..ba51af4c6c --- /dev/null +++ b/kubernetes/a1policymanagement/Chart.yaml @@ -0,0 +1,21 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +appVersion: "1.0.0" +description: A Helm chart for A1 Policy Management Service +name: a1policymanagement +version: 6.0.0 diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml new file mode 100644 index 0000000000..7257fcf4f3 --- /dev/null +++ b/kubernetes/a1policymanagement/requirements.yaml @@ -0,0 +1,23 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json new file mode 100644 index 0000000000..64c42e6cd1 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json @@ -0,0 +1,39 @@ +{ + "config": { + "controller": [ + { + "name": "controller1", + "baseUrl": "{{ .Values.sdncLink }}", + "userName": "${A1CONTROLLER_USER}", + "password": "${A1CONTROLLER_PASSWORD}" + } + ], + "ric": [ + { + "name": "ric1", + "baseUrl": "{{ .Values.ricLink }}", + "controller": "controller1", + "managedElementIds": [ + "kista_1", + "kista_2" + ] + } + ], + "streams_publishes": { + "dmaap_publisher": { + "type": "message_router", + "dmaap_info": { + "topic_url": "{{ .Values.streamPublish }}" + } + } + }, + "streams_subscribes": { + "dmaap_subscriber": { + "type": "message_router", + "dmaap_info": { + "topic_url": "{{ .Values.streamSubscribe }}" + } + } + } + } +} diff --git a/kubernetes/a1policymanagement/resources/envsubst/daemon.sh b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh new file mode 100644 index 0000000000..6d239f1ec8 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/daemon.sh @@ -0,0 +1,30 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +terminate() { + echo "$(date) | INFO | Terminating child processes" + pids="$(jobs -p)" + if [ "$pids" != "" ]; then + kill -TERM $pids >/dev/null 2>/dev/null + fi + wait +} + +trap terminate TERM +echo "$(date) | INFO | Started monitoring /config-input/ directory" +inotifyd /tmp/scripts/update_files /config-input/ & +wait diff --git a/kubernetes/a1policymanagement/resources/envsubst/update_files b/kubernetes/a1policymanagement/resources/envsubst/update_files new file mode 100644 index 0000000000..754bb55432 --- /dev/null +++ b/kubernetes/a1policymanagement/resources/envsubst/update_files @@ -0,0 +1,27 @@ +#!/bin/sh +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +if [ "$1" == "y" ] && [ "$3" == "..data" ]; then + echo "$(date) | INFO | Configmap has been reloaded" + cd /config-input + for file in $(ls -1); do + if [ "$file" -nt "/config/$file" ]; then + echo "$(date) | INFO | Templating /config/$file" + envsubst <$file >/config/$file + fi + done +fi diff --git a/kubernetes/a1policymanagement/templates/configmap.yaml b/kubernetes/a1policymanagement/templates/configmap.yaml new file mode 100644 index 0000000000..e84beac2ab --- /dev/null +++ b/kubernetes/a1policymanagement/templates/configmap.yaml @@ -0,0 +1,24 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-policy-conf +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml new file mode 100644 index 0000000000..ce2e2732e6 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -0,0 +1,103 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +kind: Deployment +apiVersion: apps/v1 +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-bootstrap-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done" + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config + containers: + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsGroup: {{ .Values.groupID }} + runAsUser: {{ .Values.userID }} + runAsNonRoot: true + command: + - sh + args: + - /tmp/scripts/daemon.sh + env: + - name: A1CONTROLLER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} + - name: A1CONTROLLER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /tmp/scripts + name: {{ include "common.fullname" . }}-envsubst-scripts + - mountPath: /config-input + name: {{ include "common.fullname" . }}-policy-conf-input + - mountPath: /config + name: config + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + livenessProbe: + httpGet: + path: /status + port: {{ .Values.liveness.port }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + volumeMounts: + - name: config + mountPath: /opt/app/policy-agent/data + resources: {{ include "common.resources" . | nindent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-policy-conf-input + configMap: + name: {{ include "common.fullname" . }}-policy-conf + defaultMode: 0555 + - name: {{ include "common.fullname" . }}-envsubst-scripts + configMap: + name: {{ include "common.fullname" . }}-envsubst-scripts + - name: config + emptyDir: + medium: Memory diff --git a/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml new file mode 100644 index 0000000000..99449638f4 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/envsubst-configmap.yaml @@ -0,0 +1,23 @@ +{{/* +################################################################################ +# Copyright © 2020 Samsung Electronics # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + name: {{ include "common.fullname" . }}-envsubst-scripts +data: +{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }} diff --git a/kubernetes/a1policymanagement/templates/secrets.yaml b/kubernetes/a1policymanagement/templates/secrets.yaml new file mode 100644 index 0000000000..55e465c373 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/secrets.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/a1policymanagement/templates/service.yaml b/kubernetes/a1policymanagement/templates/service.yaml new file mode 100644 index 0000000000..f13c16105b --- /dev/null +++ b/kubernetes/a1policymanagement/templates/service.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml new file mode 100644 index 0000000000..a1602c569c --- /dev/null +++ b/kubernetes/a1policymanagement/values.yaml @@ -0,0 +1,90 @@ +################################################################################ +# Copyright (c) 2020 Nordix Foundation. # +# Copyright © 2020 Samsung Electronics, Modifications # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +# Default values for Policy Management Service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + nodePortPrefix: 302 + +secrets: + - uid: controller-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}' + login: '{{ .Values.a1controller.user }}' + password: '{{ .Values.a1controller.password }}' + passwordPolicy: required + +image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 +userID: 1000 #Should match with image-defined user ID +groupID: 999 #Should match with image-defined group ID +pullPolicy: IfNotPresent +replicaCount: 1 + +service: + type: NodePort + name: a1policymanagement + both_tls_and_plain: true + ports: + - name: api + port: 8433 + plain_port: 8081 + port_protocol: http + nodePort: '94' + +# SDNC Credentials are used here +a1controller: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +sdncLink: https://sdnc.onap:8443 +# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port> +# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination. +# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface +# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep +ricLink: +streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE +streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100 + +liveness: + port: api + initialDelaySeconds: 60 + periodSeconds: 10 +readiness: + port: api + initialDelaySeconds: 60 + periodSeconds: 10 + +#Resource Limit flavor -By Default using small +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aaf/.helmignore b/kubernetes/aaf/.helmignore index 542b3390d8..7ddbad7ef4 100644 --- a/kubernetes/aaf/.helmignore +++ b/kubernetes/aaf/.helmignore @@ -1,21 +1,22 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
\ No newline at end of file +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/ diff --git a/kubernetes/aaf/Makefile b/kubernetes/aaf/Makefile index 9396001ebc..764533e624 100644 --- a/kubernetes/aaf/Makefile +++ b/kubernetes/aaf/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile index 2fc0cbe4ab..bf267b7720 100644 --- a/kubernetes/aaf/components/Makefile +++ b/kubernetes/aaf/components/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml index 6afaa06e8a..7a4543d57d 100644 --- a/kubernetes/aaf/components/aaf-cass/requirements.yaml +++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml @@ -16,3 +16,6 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index 309a9f38c6..461553c469 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications © 2020 Orange # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -31,7 +33,7 @@ spec: - | chown -R 1000:1000 /opt/app/aaf/status chown -R 1000:1000 /var/lib/cassandra - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /var/lib/cassandra @@ -45,7 +47,7 @@ spec: memory: 100Mi containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] diff --git a/kubernetes/aaf/components/aaf-cass/templates/service.yaml b/kubernetes/aaf/components/aaf-cass/templates/service.yaml index 8f80ee12a2..149a8708a6 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml index c5e5811fd1..525674434e 100644 --- a/kubernetes/aaf/components/aaf-cass/values.yaml +++ b/kubernetes/aaf/components/aaf-cass/values.yaml @@ -14,23 +14,10 @@ # limitations under the License. global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" flavor: small diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differdeleted file mode 100644 index e7da9a7d44..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differdeleted file mode 100644 index f47adb614f..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differdeleted file mode 100644 index 9b90af6499..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt deleted file mode 100644 index b5e75dadd6..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFnjCCA4agAwIBAgIEDQtWKTANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
-AxMIb25hcC5vcmcwHhcNMjAwNzA5MDgwNDE1WhcNMzAwNzA3MDgwNDE1WjB3MQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCkxel9G29Hgy9j7cEQ0BGlPrP9s1SF3ADe7f56jTjQd/jFUsN67Da+l9Dt
-vy1yUwPnTr3krpXOHwQKplsuBDMoa0ayRhqUpp6fuSuu/zgGJOQIe7NlJh9FbYfq
-ax0nHO8qtwd+eTUCqkwVfOFZpDFwR7Ss73Z++14Em8TgFiIsTlBV1sa/xRWLT9JL
-Sqnr0tQiUJewO6sCUsis+U7kEf+QCueJAktMxR70rQcAJ2gd/zlnIaoaL4rF+MU8
-xlbEfMK/rxC6jeVm3oJu4ihjDKj1V6PDyEtzjsWQFtM+y6wgd98Kxt+0mHW3mZZ0
-+Ul0fHSE0fRNp8qEMOUKYFbCffWBrMBZaOaUy6FSnnGi8frv7WqJXNiO2lClhsN1
-2yA1HgiorhK9sXjVdwsjTmJhOdvn5sla22+QXrobNflHZHo8JhWHpZ9RbBWAZdaa
-FrEizBoDnkpdaNb2PykYjqPo8D1Y/lOSDOg32wOW50F6bZg3yyQzFe0+PsAPK/u+
-b8THRJhkbXYvcAoDQv785aXoaa0mVg+yAvz6dorchJkViaOvUlNl+DNNKGJb1hWc
-KWLU1SpH7I9QWQYGExFEzsg4Wv2ErGponSoecAm+IM23mn/fhGrwv1r/bl5WR++5
-5nUIAbPysz3yQoMllSsBBOpuSsCLo1KQqQeQxnTwFxLS0Ag2SwIDAQABozIwMDAd
-BgNVHQ4EFgQUff+Pkp90yZtYsNvFGhq6SBdL+f0wDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQwFAAOCAgEAAWzAQxiJb+3WiXnVC0AeQ2GBnj3JNWI13WE1VJ1a
-+hsKAGHk6ACzsGfN0BiGp81Bt/4y+AinWTPI0xnuYqfJHS8/7sEvC7aSzmR0TsuM
-u7xOYCiczoEwlM2YoFt1dRWt+ve6EZgTXzBSm75to7F3HS0dZzRaEKxyOA3ONFHT
-tGgT+u7851qJQvNVwTOt54C7/PZ9Me5y98sosiGbp0USKroJbiMXHzIligp8s1uT
-+Pm581C8YTVHKciR/4fhChu+tx39ZR2p4AoJFjEvgcWqYy+sOyn+Z8sWWLoj3dFk
-xjdpSRLPI771ihGdV2JXwgzN1ei8OvUzrW1a1gLZkZ1ZWtK4rwpJteFh4YW/wuDb
-dKElfqXJITmOEO+uT4cJ5+hGa3rl6asxbEJ6vhy7SZPOzgM1uAjRT1MpBtG/ZPY5
-mOkjzNbjlNsgwJNkuXCi4+3DWNC3QNrIqm825Wdr79TM3kYGfkK/ngargA0z0KYc
-7sF6P0tGo6gLACbx+dO9KFpjBIqVaw9AUwb/IOGm1Yv+QutEISqgDQTKzT0iv2Pt
-eSkR2IzaEvH0VmBnTHoHQwrV7x10cMxhwoA1mRvdt8L+gKC91CbVirIiRGCrJabO
-GiKKZ+pD5kVi9gy7omrjw2kH6Vu4aQGySGBhzpIZ977oO9u+jaTdMHBtladqVvWd
-sIM= ------END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differdeleted file mode 100644 index 90dfcb937c..0000000000 --- a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks +++ /dev/null diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml index 08ef7fe836..004107e10f 100644 --- a/kubernetes/aaf/components/aaf-cm/requirements.yaml +++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml index 5074c8bc08..656aa1746d 100644 --- a/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-cm/templates/service.yaml b/kubernetes/aaf/components/aaf-cm/templates/service.yaml index e54c4f3057..ea95e44497 100644 --- a/kubernetes/aaf/components/aaf-cm/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-cm/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml index 0997c7db41..964b5c1002 100644 --- a/kubernetes/aaf/components/aaf-cm/values.yaml +++ b/kubernetes/aaf/components/aaf-cm/values.yaml @@ -15,25 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml index 08ef7fe836..c7e2dcaa11 100644 --- a/kubernetes/aaf/components/aaf-fs/requirements.yaml +++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 - repository: 'file://../aaf-templates' + repository: 'file://../aaf-templates'
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml index c36750809c..5d40538e49 100644 --- a/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-fs/templates/service.yaml b/kubernetes/aaf/components/aaf-fs/templates/service.yaml index e54c4f3057..ea95e44497 100644 --- a/kubernetes/aaf/components/aaf-fs/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-fs/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml index 9bffb95724..e911a10828 100644 --- a/kubernetes/aaf/components/aaf-fs/values.yaml +++ b/kubernetes/aaf/components/aaf-fs/values.yaml @@ -15,25 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml index 08ef7fe836..004107e10f 100644 --- a/kubernetes/aaf/components/aaf-gui/requirements.yaml +++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml index c36750809c..5d40538e49 100644 --- a/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-gui/templates/service.yaml b/kubernetes/aaf/components/aaf-gui/templates/service.yaml index e54c4f3057..ea95e44497 100644 --- a/kubernetes/aaf/components/aaf-gui/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-gui/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml index 8639d6c0f0..e239e615ed 100644 --- a/kubernetes/aaf/components/aaf-gui/values.yaml +++ b/kubernetes/aaf/components/aaf-gui/values.yaml @@ -15,25 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml index 08ef7fe836..004107e10f 100644 --- a/kubernetes/aaf/components/aaf-hello/requirements.yaml +++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml index 891b829f43..60e7c6bcc8 100644 --- a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications © 2020 Orange # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -26,7 +28,7 @@ spec: containers: - name: {{ include "common.name" . }} command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] - image: {{ .Values.global.repository }}/{{.Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{.Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} diff --git a/kubernetes/aaf/components/aaf-hello/templates/secret.yaml b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml index f8c32e0670..9a3f011e80 100644 --- a/kubernetes/aaf/components/aaf-hello/templates/secret.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/components/aaf-hello/templates/service.yaml b/kubernetes/aaf/components/aaf-hello/templates/service.yaml index 8f80ee12a2..149a8708a6 100644 --- a/kubernetes/aaf/components/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml index 08ef7fe836..004107e10f 100644 --- a/kubernetes/aaf/components/aaf-locate/requirements.yaml +++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml index 5074c8bc08..656aa1746d 100644 --- a/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/service.yaml b/kubernetes/aaf/components/aaf-locate/templates/service.yaml index e54c4f3057..ea95e44497 100644 --- a/kubernetes/aaf/components/aaf-locate/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-locate/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml index 7bcf10dabb..0a3e4d432b 100644 --- a/kubernetes/aaf/components/aaf-locate/values.yaml +++ b/kubernetes/aaf/components/aaf-locate/values.yaml @@ -15,25 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml index 08ef7fe836..004107e10f 100644 --- a/kubernetes/aaf/components/aaf-oauth/requirements.yaml +++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml index 5074c8bc08..656aa1746d 100644 --- a/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/service.yaml b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml index e54c4f3057..ea95e44497 100644 --- a/kubernetes/aaf/components/aaf-oauth/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml index 8771041778..2e9b6d42fa 100644 --- a/kubernetes/aaf/components/aaf-oauth/values.yaml +++ b/kubernetes/aaf/components/aaf-oauth/values.yaml @@ -15,25 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml index 08ef7fe836..004107e10f 100644 --- a/kubernetes/aaf/components/aaf-service/requirements.yaml +++ b/kubernetes/aaf/components/aaf-service/requirements.yaml @@ -16,6 +16,9 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml index 5074c8bc08..656aa1746d 100644 --- a/kubernetes/aaf/components/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-service/templates/service.yaml b/kubernetes/aaf/components/aaf-service/templates/service.yaml index e54c4f3057..ea95e44497 100644 --- a/kubernetes/aaf/components/aaf-service/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Orange # Modifications © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml index d924bb4f54..8d8da0db4a 100644 --- a/kubernetes/aaf/components/aaf-service/values.yaml +++ b/kubernetes/aaf/components/aaf-service/values.yaml @@ -15,25 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-sms/Makefile b/kubernetes/aaf/components/aaf-sms/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sms/components/Makefile b/kubernetes/aaf/components/aaf-sms/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml index 2dc3d49b66..2dc3d49b66 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml index 7fdc969094..26bc7a64d8 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samung Electronics + # Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' - - name: mariadb-galera + - name: repositoryGenerator version: ~6.x-0 repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json index 3a43f00019..3a43f00019 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml index 02f1080f29..471c9094aa 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml index d855ae6fdf..d855ae6fdf 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml index bf1179d49a..0e9e66dc47 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # Modifications © 2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -28,7 +30,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: @@ -47,14 +49,14 @@ spec: - | chmod -R 775 /quorumclient/auth chown -R 100:1000 /quorumclient/auth - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /quorumclient/auth name: {{ include "common.fullname" . }}-data {{- end }} containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} name: {{ include "common.name" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/quorumclient/bin/quorumclient"] diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml index 1459624536..d41d31ce82 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml @@ -23,7 +23,6 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aaf/smsquorumclient:4.0.2 pullPolicy: Always @@ -39,6 +38,9 @@ nodeSelector: {} affinity: {} +service: + name: aaf-sms + persistence: enabled: true volumeReclaimPolicy: Retain diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml index 074958ff70..074958ff70 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml index 6afaa06e8a..26bc7a64d8 100644 --- a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml @@ -12,7 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml index 2c70c23e03..0d09221644 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml index d855ae6fdf..d855ae6fdf 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml index a3a7591b02..b642e39540 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml index 45bf399437..994e1555d3 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # Modifications © 2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -28,7 +30,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: @@ -45,14 +47,14 @@ spec: - | chmod -R 775 /consul/data chown -R 100:1000 /consul/data - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /consul/data name: {{ include "common.fullname" . }}-data {{- end }} containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}" + - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.vault }} name: {{ include "common.name" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: ["server"] @@ -67,7 +69,7 @@ spec: readOnly: true resources: {{ include "common.resources" . | indent 10 }} - - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}" + - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.consul }} name: {{ include "common.name" . }}-backend imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"] diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml index 7787f0b85d..750363c8f4 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml @@ -20,7 +20,6 @@ global: persistence: {} # application image -repository: nexus3.onap.org:10001 image: consul: library/consul:1.7.1 vault: library/vault:1.3.3 diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml index 7152c37ff0..a306ac63bf 100644 --- a/kubernetes/aaf/components/aaf-sms/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml @@ -16,6 +16,15 @@ - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: certInitializer version: ~6.x-0 repository: '@local' + - name: aaf-sms-quorumclient + version: ~6.x-0 + repository: 'file://components/aaf-sms-quorumclient' + - name: aaf-sms-vault + version: ~6.x-0 + repository: 'file://components/aaf-sms-vault' diff --git a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml index 2d3b641659..cfe54cf07b 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # Modifications © 2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -45,7 +47,7 @@ spec: - -c - | cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /int-certs @@ -60,16 +62,16 @@ spec: - | chmod -R 775 /sms/auth chown -R 1000:1000 /sms/auth - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /sms/auth name: {{ include "common.fullname" . }}-auth - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - "aaf-sms-vault" @@ -82,7 +84,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} command: ["/sms/bin/sms"] diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 315d068676..1341889af3 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -25,7 +25,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - replicas: {{ .Values.replicaCount }} template: metadata: labels: @@ -137,14 +136,14 @@ spec: name: {{ include "common.name" . }}-preload-input - mountPath: /config/ name: {{ include "common.name" . }}-preload - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - "aaf-sms" @@ -157,7 +156,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-preload command: diff --git a/kubernetes/aaf/components/aaf-sms/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/templates/service.yaml index 9c94202fe3..8f30164fec 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index dccf57ca96..3b777c64f6 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -18,10 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: {} - envsubstImage: dibi/envsubst aafEnabled: true flavor: small @@ -58,7 +55,6 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aaf/sms:4.0.2 pullPolicy: Always @@ -104,6 +100,11 @@ service: internalPort: 10443 externalPort: 10443 +#define value for aaf-sms-quorumclient subchart +aaf-sms-quorumclient: + service: + name: aaf-sms + persistence: enabled: true volumeReclaimPolicy: Retain diff --git a/kubernetes/aaf/components/aaf-sshsm/Makefile b/kubernetes/aaf/components/aaf-sshsm/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sshsm/components/Makefile b/kubernetes/aaf/components/aaf-sshsm/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml index 499b82caaf..499b82caaf 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml new file mode 100644 index 0000000000..771a327656 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml index 99176fcdf6..8555a3c153 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -{{- if .Values.global.distcenter.enabled -}} +{{- if .Values.global.tpm.enabled -}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml index c624ccfc4d..a2df4e53b9 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml @@ -14,10 +14,10 @@ # limitations under the License. */}} -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} +{{- if .Values.global.tpm.enabled -}} apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} @@ -27,11 +27,11 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-job-complete command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.fullname" . }}-init" @@ -49,7 +49,7 @@ spec: cpu: 3m memory: 20Mi containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} name: {{ include "common.name" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/abrmd/bin/run_abrmd.sh"] @@ -67,14 +67,14 @@ spec: resources: {{ include "common.resources" . | nindent 10 }} nodeSelector: {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + {{ toYaml .Values.nodeSelector | indent 8 | trim }} + {{- end }} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} volumes: - name: localtime hostPath: diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml index 23fe79d716..8a8b6bd8fe 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} +{{- if .Values.global.tpm.enabled -}} apiVersion: batch/v1 kind: Job @@ -27,7 +27,7 @@ spec: restartPolicy: Never containers: - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/abrmd/bin/initialize_tpm.sh"] workingDir: /abrmd/bin @@ -48,17 +48,16 @@ spec: - name: {{ include "common.fullname" . }}-tpmconfig mountPath: "/abrmd/cred/" readOnly: true - resources: {{ toYaml .Values.resources | nindent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} + {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - resources: {{ include "common.resources" . | nindent 10 }} volumes: - name: {{ include "common.fullname" . }}-data persistentVolumeClaim: diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml index 2a733632bf..e97519aa3e 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml @@ -15,12 +15,18 @@ ################################################################# # Global configuration defaults. ################################################################# +global: + tpm: + enabled: true + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aaf/abrmd:4.0.0 pullPolicy: Always diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml index 22ba3da019..22ba3da019 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml new file mode 100644 index 0000000000..771a327656 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml index 8d1faf7e32..2e82f5bd26 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml @@ -14,12 +14,8 @@ # limitations under the License. */}} -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - apiVersion: v1 kind: ConfigMap metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml index fb48c7df4a..f74b5c8f2d 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml @@ -14,13 +14,10 @@ # limitations under the License. */}} -{{- if .Values.global.distcenter.enabled -}} - apiVersion: batch/v1 kind: Job metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.replicaCount }} serviceName: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} @@ -28,11 +25,11 @@ spec: restartPolicy: Never initContainers: {{- if .Values.global.tpm.enabled }} - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init" @@ -50,7 +47,7 @@ spec: cpu: 3m memory: 20Mi {{ else }} - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-gen-passphrase command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] @@ -75,7 +72,7 @@ spec: memory: 20Mi {{- end }} containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} name: {{ include "common.name" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/entrypoint.sh"] @@ -102,5 +99,3 @@ spec: claimName: {{ include "common.release" . }}-aaf-sshsm imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml index bf0ef74be2..22acb2a609 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml @@ -14,6 +14,4 @@ # limitations under the License. */}} -{{- if .Values.global.distcenter.enabled -}} {{ include "common.PV" . }} -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml index a13b7f353b..1c7f6ffe4a 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml @@ -14,6 +14,4 @@ # limitations under the License. */}} -{{- if .Values.global.distcenter.enabled -}} {{ include "common.PVC" . }} -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml index 94791be713..fb42843cb7 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml @@ -17,12 +17,13 @@ ################################################################# global: persistence: {} + tpm: + enabled: true ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aaf/distcenter:4.0.0 pullPolicy: Always diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml index b64e0c331a..b64e0c331a 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml new file mode 100644 index 0000000000..771a327656 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml index a64f483d74..71e7c299bc 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml @@ -14,23 +14,20 @@ # limitations under the License. */}} -{{- if .Values.global.testca.enabled -}} - apiVersion: batch/v1 kind: Job metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.replicaCount }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-distcenter-ready command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-aaf-sshsm-distcenter" @@ -48,7 +45,7 @@ spec: cpu: 3m memory: 20Mi {{- if .Values.global.tpm.enabled }} - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-abrmd-ready command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] @@ -71,7 +68,7 @@ spec: memory: 20Mi {{- end }} containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} name: {{ include "common.name" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["./import.sh"] @@ -104,7 +101,7 @@ spec: resources: {{ include "common.resources" . | nindent 10 }} nodeSelector: {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} + {{ toYaml .Values.nodeSelector | indent 8 | trim }} {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} @@ -127,5 +124,3 @@ spec: secretName: {{ include "common.release" . }}-aaf-sshsm imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml index dd04c93bd7..f116c6d5e9 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml @@ -16,13 +16,18 @@ # Global configuration defaults. ################################################################# -enabled: true +global: + tpm: + enabled: true + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aaf/testcaservice:4.0.0 pullPolicy: Always diff --git a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml index 0704a2c9df..bb76d59c04 100644 --- a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml @@ -16,3 +16,18 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: aaf-sshsm-abrmd + version: ~6.x-0 + repository: 'file://components/aaf-sshsm-abrmd' + condition: aaf-sshsm-abrmd.enabled + - name: aaf-sshsm-distcenter + version: ~6.x-0 + repository: 'file://components/aaf-sshsm-distcenter' + condition: aaf-sshsm-distcenter.enabled + - name: aaf-sshsm-testca + version: ~6.x-0 + repository: 'file://components/aaf-sshsm-testca' + condition: aaf-sshsm-testca.testca.enabled diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml index 50b6f36cd3..4be63fa18b 100644 --- a/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret diff --git a/kubernetes/aaf/components/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml index 30fb0d2f2f..7e8d4f1352 100644 --- a/kubernetes/aaf/components/aaf-sshsm/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml @@ -18,21 +18,8 @@ ################################################################# global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" tpm: enabled: false @@ -40,14 +27,15 @@ global: # values in the nodeselector section of the pod nodeLabel: "tpm-node" nodeLabelValue: "true" - abrmd: - enabled: true - distcenter: - enabled: true - testca: - enabled: true persistence: {} +aaf-sshsm-abrmd: + enabled: true +aaf-sshsm-distcenter: + enabled: true +aaf-sshsm-testca: + enabled: true + persistence: enabled: true data: diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index bf6931a8e3..25a05a5e2f 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -28,7 +28,7 @@ spec: - name: {{ include "common.name" . }} workingDir: /opt/app/aaf command: ["bin/{{ .Values.binary }}"] - image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} + image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} volumeMounts: diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 43c511fd6d..7cdf4d072e 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -23,7 +23,7 @@ - | chown -R 1000:1000 /opt/app/aaf chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /opt/app/osaaf @@ -39,7 +39,7 @@ {{- define "aaf.podConfiguration" }} - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} + image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -96,7 +96,7 @@ initContainers: {{- if .Values.sequence_order }} - name: {{ include "common.name" . }}-aaf-readiness command: - - /root/ready.py + - /app/ready.py args: {{- range $container := .Values.sequence_order }} - --container-name @@ -108,7 +108,7 @@ initContainers: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: limits: diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml index ccbe14c7a3..7a7103fc09 100644 --- a/kubernetes/aaf/requirements.yaml +++ b/kubernetes/aaf/requirements.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,9 +19,6 @@ dependencies: - name: aaf-cass version: ~6.x-0 repository: 'file://components/aaf-cass' - - name: aaf-cert-service - version: ~6.x-0 - repository: 'file://components/aaf-cert-service' - name: aaf-cm version: ~6.x-0 repository: 'file://components/aaf-cm' diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index df4dcf3723..9d032b599a 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications © 2020 AT&T +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,27 +20,10 @@ global: nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" - - # Use Local - #pullPolicy: IfNotPresent - #repository: "nexus3.onap.org:10003" cmpv2Enabled: true addTestingComponents: false @@ -76,10 +60,6 @@ global: public_port: 31112 # Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml - certServiceClient: - secret: - name: aaf-cert-service-client-tls-secret - ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/aai b/kubernetes/aai -Subproject f1e329c458c48530da36dd1c6b38b7548116bd6 +Subproject 540b846831e2053ccdcce9fa620cb7eeb7f5db4 diff --git a/kubernetes/appc/Makefile b/kubernetes/appc/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/appc/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/appc/components/Makefile b/kubernetes/appc/components/Makefile new file mode 100644 index 0000000000..f2e7a1fb82 --- /dev/null +++ b/kubernetes/appc/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_BIN := helm +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/appc/charts/appc-ansible-server/.helmignore b/kubernetes/appc/components/appc-ansible-server/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/appc/charts/appc-ansible-server/.helmignore +++ b/kubernetes/appc/components/appc-ansible-server/.helmignore diff --git a/kubernetes/appc/charts/appc-ansible-server/Chart.yaml b/kubernetes/appc/components/appc-ansible-server/Chart.yaml index 9c47c9eaef..9c47c9eaef 100644 --- a/kubernetes/appc/charts/appc-ansible-server/Chart.yaml +++ b/kubernetes/appc/components/appc-ansible-server/Chart.yaml diff --git a/kubernetes/appc/charts/appc-ansible-server/requirements.yaml b/kubernetes/appc/components/appc-ansible-server/requirements.yaml index 33afc43aa5..2fa99a9484 100644 --- a/kubernetes/appc/charts/appc-ansible-server/requirements.yaml +++ b/kubernetes/appc/components/appc-ansible-server/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/appc/charts/appc-ansible-server/resources/config/RestServer_config b/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config index 8a417fcb1f..dc0859985e 100644 --- a/kubernetes/appc/charts/appc-ansible-server/resources/config/RestServer_config +++ b/kubernetes/appc/components/appc-ansible-server/resources/config/RestServer_config @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Host definition ip: 0.0.0.0 diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/configmap.yaml b/kubernetes/appc/components/appc-ansible-server/templates/configmap.yaml index 103bc2fde1..3bfe84c6e7 100644 --- a/kubernetes/appc/charts/appc-ansible-server/templates/configmap.yaml +++ b/kubernetes/appc/components/appc-ansible-server/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/pv.yaml b/kubernetes/appc/components/appc-ansible-server/templates/pv.yaml index b2acf37393..b2acf37393 100644 --- a/kubernetes/appc/charts/appc-ansible-server/templates/pv.yaml +++ b/kubernetes/appc/components/appc-ansible-server/templates/pv.yaml diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml b/kubernetes/appc/components/appc-ansible-server/templates/service.yaml index 85f3840002..e952357c4c 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml +++ b/kubernetes/appc/components/appc-ansible-server/templates/service.yaml @@ -32,4 +32,4 @@ spec: name: {{ .Values.service.name }} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + release: {{ include "common.release" . }}
\ No newline at end of file diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml b/kubernetes/appc/components/appc-ansible-server/templates/statefulset.yaml index 882372e9c7..0e9e60ab5f 100644 --- a/kubernetes/appc/charts/appc-ansible-server/templates/statefulset.yaml +++ b/kubernetes/appc/components/appc-ansible-server/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -23,6 +25,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + serviceName: {{ include "common.servicename" . }} selector: matchLabels: app: {{ include "common.name" . }} @@ -35,7 +38,7 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-chown - image: "busybox" + image: {{ include "repositoryGenerator.image.busybox" . }} command: ["sh", "-c", "chown -R {{ .Values.config.ansibleUid }}:{{ .Values.config.ansibleGid}} {{ .Values.persistence.playbookPath }}"] volumeMounts: - mountPath: {{ .Values.persistence.playbookPath }} @@ -44,7 +47,7 @@ spec: - name: {{ include "common.name" . }} command: ["/bin/bash"] args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"] - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/appc/charts/appc-ansible-server/values.yaml b/kubernetes/appc/components/appc-ansible-server/values.yaml index b6bf77f3f7..1588bc52d6 100644 --- a/kubernetes/appc/charts/appc-ansible-server/values.yaml +++ b/kubernetes/appc/components/appc-ansible-server/values.yaml @@ -17,10 +17,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + persistence: {} ################################################################# # Application configuration defaults. @@ -28,7 +25,6 @@ global: flavor: small # application image -repository: nexus3.onap.org:10001 image: onap/ccsdk-ansible-server-image:0.4.4 pullPolicy: Always diff --git a/kubernetes/appc/charts/appc-cdt/.helmignore b/kubernetes/appc/components/appc-cdt/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/appc/charts/appc-cdt/.helmignore +++ b/kubernetes/appc/components/appc-cdt/.helmignore diff --git a/kubernetes/appc/charts/appc-cdt/Chart.yaml b/kubernetes/appc/components/appc-cdt/Chart.yaml index 3d83bc945c..3d83bc945c 100644 --- a/kubernetes/appc/charts/appc-cdt/Chart.yaml +++ b/kubernetes/appc/components/appc-cdt/Chart.yaml diff --git a/kubernetes/appc/charts/appc-cdt/requirements.yaml b/kubernetes/appc/components/appc-cdt/requirements.yaml index a7089ea6b3..fa92c63e34 100644 --- a/kubernetes/appc/charts/appc-cdt/requirements.yaml +++ b/kubernetes/appc/components/appc-cdt/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/appc/charts/appc-cdt/templates/NOTES.txt b/kubernetes/appc/components/appc-cdt/templates/NOTES.txt index 1a7dbc5d13..1a7dbc5d13 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/NOTES.txt +++ b/kubernetes/appc/components/appc-cdt/templates/NOTES.txt diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml index 9cf2a10a38..ebcabf5112 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,7 +38,7 @@ spec: initContainers: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /opt/startCdt.sh diff --git a/kubernetes/appc/charts/appc-cdt/templates/ingress.yaml b/kubernetes/appc/components/appc-cdt/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/ingress.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/ingress.yaml diff --git a/kubernetes/appc/charts/appc-cdt/templates/service.yaml b/kubernetes/appc/components/appc-cdt/templates/service.yaml index 6affc0b421..54e239ebc5 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/service.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/components/appc-cdt/values.yaml index e8508204bc..b3dab719bd 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/components/appc-cdt/values.yaml @@ -25,7 +25,6 @@ global: flavor: small # application image -repository: nexus3.onap.org:10001 image: onap/appc-cdt-image:1.7.2 pullPolicy: Always diff --git a/kubernetes/appc/requirements.yaml b/kubernetes/appc/requirements.yaml index d512a7ee08..be72cc2b99 100644 --- a/kubernetes/appc/requirements.yaml +++ b/kubernetes/appc/requirements.yaml @@ -22,3 +22,14 @@ dependencies: - name: dgbuilder version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: appc-ansible-server + version: ~6.x-0 + repository: 'file://components/appc-ansible-server' + condition: appc-ansible-server.enabled + - name: appc-cdt + version: ~6.x-0 + repository: 'file://components/appc-cdt' + condition: appc-cdt.enabled
\ No newline at end of file diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh index 825f7ab56a..6e35ca894c 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh @@ -1,4 +1,5 @@ #!/bin/bash -x +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l) run_level=$(/opt/opendaylight/current/bin/client system:start-level) diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh index 46d0e119be..10e538a19a 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -18,6 +19,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk} APPC_HOME=${APPC_HOME:-/opt/onap/appc} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index 512f38020b..25a5c319bd 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -1,4 +1,5 @@ #!/bin/bash -x +{{/* ### # ============LICENSE_START======================================================= @@ -27,6 +28,7 @@ # if not already installed, and starts the APPC Docker Container # #set -x +*/}} function enable_odl_cluster(){ if [ -z $APPC_REPLICAS ]; then diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties index 70285069ff..bf5432163c 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaiclient.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -26,6 +27,7 @@ # # Certificate keystore and truststore # +*/}} org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/appc/data/stores/truststoreONAPall.jks org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit org.onap.ccsdk.sli.adaptors.aai.ssl.key=/opt/onap/appc/data/stores/truststoreONAPall.jks diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties index 542645683e..9fa4625049 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -19,6 +20,7 @@ # ============LICENSE_END========================================================= # ECOMP is a trademark and service mark of AT&T Intellectual Property. ### +*/}} ### ### ### Properties for demo ### diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties index 2986ee9e5b..1a2b1f6508 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -18,6 +19,7 @@ # ============LICENSE_END========================================================= ### #hostname=localhost +*/}} cadi_loglevel=DEBUG cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties index 0c54883cd2..3c19fb44e3 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -18,6 +19,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} # dblib.properrties org.onap.ccsdk.sli.dbtype=jdbc diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties index 7bec30d11e..95f672c2e2 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -18,6 +19,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} org.onap.ccsdk.sli.dbtype = dblib #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh index 79acc4042c..5e5103066b 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -19,6 +20,7 @@ # ============LICENSE_END========================================================= # ECOMP is a trademark and service mark of AT&T Intellectual Property. ### +*/}} MYSQL_USER=${SDNC_DB_USER} MYSQL_PWD=${SDNC_DB_PASSWD} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties index 2a4b4328f4..a6f7f50026 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -19,6 +20,7 @@ # ============LICENSE_END========================================================= # ECOMP is a trademark and service mark of AT&T Intellectual Property. ### +*/}} org.onap.ccsdk.sli.dbtype = jdbc org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh index 6e9eef33ac..29761a0200 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* ### # ============LICENSE_START======================================================= @@ -21,6 +22,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk} MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties index 80c470310f..9e76b27acf 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/aaiclient.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # APPC @@ -18,6 +19,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} # # Configuration file for A&AI Client diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties index 5d65be7c28..a46920f001 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -19,6 +20,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} # dblib.properrties org.onap.ccsdk.sli.dbtype=jdbc diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties index 485b935459..a0df862636 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -19,6 +20,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} org.onap.ccsdk.sli.dbtype = dblib #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh index 9359530a1a..72c5c8f482 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -19,6 +20,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} MYSQL_USER=${SDNC_DB_USER} MYSQL_PWD=${SDNC_DB_PASSWD} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties index 1ec9f48758..5be5b8ddab 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -19,6 +20,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} org.onap.ccsdk.sli.dbtype = jdbc org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} diff --git a/kubernetes/appc/resources/config/log/filebeat/filebeat.yml b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml index 85293c8275..98df709639 100644 --- a/kubernetes/appc/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg index e68057f87a..b74cc995fd 100644 --- a/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg +++ b/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg @@ -1,3 +1,4 @@ +{{/* ################################################################################ # # ============LICENSE_START======================================================= @@ -19,6 +20,7 @@ # ============LICENSE_END========================================================= # ################################################################################ +*/}} # Common pattern layout for appenders log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n diff --git a/kubernetes/appc/templates/configmap.yaml b/kubernetes/appc/templates/configmap.yaml index fe206a9322..6ebf0b1026 100644 --- a/kubernetes/appc/templates/configmap.yaml +++ b/kubernetes/appc/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml index c6aeb1e102..3cccd128eb 100644 --- a/kubernetes/appc/templates/secrets.yaml +++ b/kubernetes/appc/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} --- diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml index bd181e1e57..eb95ffc405 100644 --- a/kubernetes/appc/templates/service.yaml +++ b/kubernetes/appc/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index d9617fd299..208315495b 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -67,13 +69,13 @@ spec: name: onap-sdnc-data-properties - mountPath: /config/sdnc-svclogic-config name: onap-sdnc-svclogic-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{.Values.config.mariadbGaleraContName}} @@ -83,17 +85,17 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown - image: "busybox" + image: {{ include "repositoryGenerator.image.busybox" . }} command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}"] volumeMounts: - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /opt/appc/bin/startODL.sh diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 1386a06493..92c9985c35 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -18,13 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 centralizedLoggingEnabled: false - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # envsusbt - envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs @@ -56,7 +50,6 @@ secrets: ################################################################# flavor: small # application image -repository: nexus3.onap.org:10001 image: onap/appc-image:1.7.2 pullPolicy: Always @@ -112,12 +105,16 @@ config: dmaapServicePassword: onapappc appc-ansible-server: + enabled: true service: name: appc-ansible-server internalPort: 8000 config: mysqlServiceName: appc-dbhost +appc-cdt: + enabled: true + mariadb-galera: nameOverride: appc-db config: @@ -134,6 +131,8 @@ mariadb-galera: dgbuilder: nameOverride: appc-dgbuilder + certInitializer: + nameOverride: appc-dgbuilder-cert-initializer config: db: rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' diff --git a/kubernetes/cds/Makefile b/kubernetes/cds/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/cds/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml deleted file mode 100644 index 30f9451673..0000000000 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright (c) 2019 Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - # Change to an unused port prefix range to prevent port conflicts - # with other instances running within the same k8s cluster - nodePortPrefix: 302 - - # image repositories - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # image pull policy - pullPolicy: Always - - persistence: - mountPath: /dockerdata-nfs - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.5 -name: sdc-listener -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - appConfigDir: /opt/app/onap/config - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - http: - portName: cds-sdc-listener-http - internalPort: 8080 - externalPort: 8080 - -persistence: - enabled: true - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory -# Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile new file mode 100644 index 0000000000..f2e7a1fb82 --- /dev/null +++ b/kubernetes/cds/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_BIN := helm +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/cds/charts/cds-blueprints-processor/Chart.yaml b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml index 64e3a952bc..64e3a952bc 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/Chart.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml new file mode 100755 index 0000000000..b3805c7e41 --- /dev/null +++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (c) 2019 IBM, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer b/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer index e9a50d7ea0..e9a50d7ea0 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties index 453f906101..a3d32a9a03 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # # Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation. # @@ -16,6 +17,7 @@ # Web server config ### START -Controller Blueprints Properties # Load Resource Source Mappings +*/}} resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability # Blueprint Processor File Execution and Handling Properties @@ -151,3 +153,9 @@ cdslistener.healthcheck.mapping-service-name-with-service-link=[SDC Listener ser #Actuator properties management.endpoints.web.exposure.include=* management.endpoint.health.show-details=always + +#K8s Plugin properties +#Credentials are placeholders as k8s plugin has not authentication atm +blueprintprocessor.k8s.plugin.username=unused +blueprintprocessor.k8s.plugin.password=unused +blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/ diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/error-messages_en.properties index ef398784dd..0c657f1b4f 100644 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/error-messages_en.properties @@ -1,3 +1,4 @@ +{{/* # # Copyright © 2020 IBM, Bell Canada # @@ -13,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*/}} org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team. org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time. org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format. diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml b/kubernetes/cds/components/cds-blueprints-processor/resources/config/hazelcast.yaml index 3a3a1ce095..3a3a1ce095 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/hazelcast.yaml diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/logback.xml b/kubernetes/cds/components/cds-blueprints-processor/resources/config/logback.xml index 349336ee79..88ac8d98df 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/logback.xml +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/logback.xml @@ -30,13 +30,13 @@ </encoder> </appender> - <logger name="org.springframework" level="info"/> - <logger name="org.springframework.web" level="info"/> - <logger name="org.springframework.security.web.authentication" level="warn"/> - <logger name="org.hibernate" level="error"/> - <logger name="org.onap.ccsdk.cds" level="info"/> + <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/> + <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/> + <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/> + <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/> + <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/> - <root level="info"> + <root level="{{ .Values.logback.rootLogLevel }}"> <appender-ref ref="STDOUT"/> </root> diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/configmap.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/configmap.yaml index 873acee237..15f611478b 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/configmap.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 IBM, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml index dbf531796d..f321e54fd1 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 IBM, Bell Canada # Copyright (c) 2020 Samsung Electronics # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -67,12 +69,12 @@ spec: subPath: application.properties - mountPath: /config name: processed-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - command: - - /root/ready.py + - /app/ready.py args: - --container-name - cds-db @@ -86,7 +88,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - name: fix-permission @@ -95,14 +97,14 @@ spec: - -R - 1000:1000 - /opt/app/onap/blueprints/deploy - image: busybox:latest + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: {{ .Values.persistence.deployedBlueprint }} name: {{ include "common.fullname" . }}-blueprints containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: APP_CONFIG_HOME diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/ingress.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/ingress.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/ingress.yaml diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/pv.yaml index 6155ee9e28..6155ee9e28 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/pv.yaml diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/pvc.yaml index 9da36c85e4..9da36c85e4 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/pvc.yaml diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/secrets.yaml index 34932b713d..34932b713d 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/secrets.yaml diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml index 14c8b22121..5d2e438e1e 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 IBM, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index 2de835492f..629b8252cc 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -21,22 +21,12 @@ global: # with other instances running within the same k8s cluster nodePortPrefixExt: 304 - # image repositories - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - # image pull policy pullPolicy: Always persistence: mountPath: /dockerdata-nfs - # envsusbt - envsubstImage: dibi/envsubst - #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 @@ -61,8 +51,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.5 +image: onap/ccsdk-blueprintsprocessor:1.0.3 pullPolicy: Always # flag to enable debugging - application support required @@ -82,8 +71,8 @@ config: dbServer: cds-db dbPort: 3306 dbName: sdnctl - # dbUser: sdnctl - # dbPassword: sdnctl + dbUser: sdnctl + dbPassword: sdnctl # dbCredsExternalSecret: <some secret name> # dbRootPassword: password # dbRootPassExternalSecret @@ -159,21 +148,30 @@ ingress: config: ssl: "none" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +logback: + rootLogLevel: INFO + logger: + springframework: INFO + springframeworkWeb: INFO + springframeworkSecurityWebauthentication: INFO + hibernate: INFO + onapCcsdkCds: INFO + +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/cds-command-executor/Chart.yaml b/kubernetes/cds/components/cds-command-executor/Chart.yaml index 62fb5629d7..62fb5629d7 100755 --- a/kubernetes/cds/charts/cds-command-executor/Chart.yaml +++ b/kubernetes/cds/components/cds-command-executor/Chart.yaml diff --git a/kubernetes/cds/charts/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-command-executor/requirements.yaml index b33ac701fe..7a0e74bfaf 100644..100755 --- a/kubernetes/cds/charts/cds-ui/requirements.yaml +++ b/kubernetes/cds/components/cds-command-executor/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml index 39f37a4fe8..40238c2513 100755 --- a/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-command-executor/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,7 +37,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - cds-blueprints-processor @@ -45,12 +47,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.grpc.internalPort }} diff --git a/kubernetes/cds/charts/cds-command-executor/templates/service.yaml b/kubernetes/cds/components/cds-command-executor/templates/service.yaml index 7533d83a72..2301902f56 100755 --- a/kubernetes/cds/charts/cds-command-executor/templates/service.yaml +++ b/kubernetes/cds/components/cds-command-executor/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index f194c279c9..c9e4354199 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -22,13 +22,6 @@ global: # with other instances running within the same k8s cluster nodePortPrefix: 302 - # image repositories - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - # image pull policy pullPolicy: Always @@ -39,8 +32,7 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.5 +image: onap/ccsdk-commandexecutor:1.0.3 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/components/cds-py-executor/Chart.yaml index 41b43c34a3..41b43c34a3 100755 --- a/kubernetes/cds/charts/cds-py-executor/Chart.yaml +++ b/kubernetes/cds/components/cds-py-executor/Chart.yaml diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/components/cds-py-executor/requirements.yaml index 676fe8f6b2..722ecad6bf 100755 --- a/kubernetes/cds/charts/cds-py-executor/requirements.yaml +++ b/kubernetes/cds/components/cds-py-executor/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml index f9c3377dd8..d7b2959fcb 100755 --- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-py-executor/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Bell Canada, Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -23,7 +25,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} command: - bash args: @@ -51,9 +53,9 @@ spec: - name: AUTH_TYPE value: {{ .Values.config.authType }} - name: API_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} - name: API_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} - name: LOG_FILE value: {{ .Values.config.logFile }} - name: ARTIFACT_MANAGER_PORT diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/components/cds-py-executor/templates/secret.yaml index c36607b172..7916b3c233 100644 --- a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml +++ b/kubernetes/cds/components/cds-py-executor/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/components/cds-py-executor/templates/service.yaml index 1267791b6c..095d70d179 100755 --- a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml +++ b/kubernetes/cds/components/cds-py-executor/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Bell Canada, Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index 9dbc5b7ff3..8941909db4 100755 --- a/kubernetes/cds/charts/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -20,13 +20,6 @@ global: # with other instances running within the same k8s cluster nodePortPrefix: 302 - # image repositories - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - # image pull policy pullPolicy: Always @@ -37,8 +30,7 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-py-executor:0.7.5 +image: onap/ccsdk-py-executor:1.0.3 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/charts/cds-sdc-listener/Chart.yaml b/kubernetes/cds/components/cds-sdc-listener/Chart.yaml index 975923ebbe..975923ebbe 100755 --- a/kubernetes/cds/charts/cds-sdc-listener/Chart.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/Chart.yaml diff --git a/kubernetes/cds/charts/cds-sdc-listener/requirements.yaml b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml index b33ac701fe..7a0e74bfaf 100755 --- a/kubernetes/cds/charts/cds-sdc-listener/requirements.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml index b3e95a2a21..b3e95a2a21 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/logback.xml b/kubernetes/cds/components/cds-sdc-listener/resources/config/logback.xml index 5715226eb2..b48cad75f1 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/logback.xml +++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/logback.xml @@ -30,13 +30,13 @@ </encoder> </appender> - <logger name="org.springframework" level="info"/> - <logger name="org.springframework.web" level="info"/> - <logger name="org.springframework.security.web.authentication" level="warn"/> - <logger name="org.hibernate" level="error"/> - <logger name="org.onap.ccsdk.cds" level="info"/> + <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/> + <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/> + <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/> + <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/> + <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/> - <root level="warn"> + <root level="{{ .Values.logback.rootLogLevel }}"> <appender-ref ref="STDOUT"/> </root> diff --git a/kubernetes/cds/charts/cds-sdc-listener/templates/configmap.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/configmap.yaml index e82ac6f5dd..01e1b22ad5 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/templates/configmap.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/cds/charts/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml index f0db9faf5e..7dca49c761 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,7 +37,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - sdc-be @@ -49,12 +51,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: APP_CONFIG_HOME diff --git a/kubernetes/cds/charts/cds-sdc-listener/templates/service.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml index e4e8cf91c2..af837f2b3a 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/templates/service.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index 61beab34c4..105e634408 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright (c) 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,31 +11,34 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - ################################################################# # Global configuration defaults. ################################################################# global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + + # image pull policy + pullPolicy: Always + + persistence: + mountPath: /dockerdata-nfs ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/dcae-tosca-app:1.3.3 +image: onap/ccsdk-sdclistener:1.0.3 +name: sdc-listener pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# application configuration config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m - cassandraSslEnabled: "false" + appConfigDir: /opt/app/onap/config # default number of instances replicaCount: 1 @@ -50,7 +53,7 @@ liveness: periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: false + enabled: true readiness: initialDelaySeconds: 10 @@ -58,33 +61,41 @@ readiness: service: type: ClusterIP - name: sdc-dcae-tosca-lab - portName: sdc-dcae-tosca-lab-8085 - externalPort: 8085 - internalPort: 8085 - portName2: sdc-dcae-tosca-lab-8445 - externalPort2: 8445 - internalPort2: 8445 + http: + portName: cds-sdc-listener-http + internalPort: 8080 + externalPort: 8080 + +persistence: + enabled: true ingress: enabled: false -# Resource Limit flavor -By Default using small +logback: + rootLogLevel: INFO + logger: + springframework: INFO + springframeworkWeb: INFO + springframeworkSecurityWebauthentication: INFO + hibernate: INFO + onapCcsdkCds: INFO + flavor: small -# Segregation for Different environment (Small and Large) + resources: small: limits: - cpu: 1 + cpu: 2 memory: 4Gi requests: - cpu: 10m + cpu: 1 memory: 1Gi large: limits: - cpu: 2 + cpu: 4 memory: 8Gi requests: - cpu: 20m - memory: 2Gi + cpu: 2 + memory: 4Gi unlimited: {} diff --git a/kubernetes/cds/charts/cds-ui/Chart.yaml b/kubernetes/cds/components/cds-ui/Chart.yaml index 3ed3cf3717..3ed3cf3717 100644 --- a/kubernetes/cds/charts/cds-ui/Chart.yaml +++ b/kubernetes/cds/components/cds-ui/Chart.yaml diff --git a/kubernetes/cds/charts/cds-command-executor/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml index b33ac701fe..7a0e74bfaf 100755..100644 --- a/kubernetes/cds/charts/cds-command-executor/requirements.yaml +++ b/kubernetes/cds/components/cds-ui/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 7832f0f374..1c88f56d99 100644 --- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Orange # Modifications Copyright © 2018 Amdocs, Bell Canada # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,7 +39,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/cds/charts/cds-ui/templates/ingress.yaml b/kubernetes/cds/components/cds-ui/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/cds/charts/cds-ui/templates/ingress.yaml +++ b/kubernetes/cds/components/cds-ui/templates/ingress.yaml diff --git a/kubernetes/cds/charts/cds-ui/templates/service.yaml b/kubernetes/cds/components/cds-ui/templates/service.yaml index dcc7ccbedd..bfc3e30c84 100644 --- a/kubernetes/cds/charts/cds-ui/templates/service.yaml +++ b/kubernetes/cds/components/cds-ui/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index d8a87cc2ea..1c7f628b2c 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -18,17 +18,12 @@ ################################################################# global: nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:1.1.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.5 +image: onap/ccsdk-cds-ui-server:1.0.3 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/requirements.yaml b/kubernetes/cds/requirements.yaml index eafe11035e..122e403727 100644 --- a/kubernetes/cds/requirements.yaml +++ b/kubernetes/cds/requirements.yaml @@ -19,4 +19,24 @@ dependencies: repository: '@local' - name: mariadb-galera version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: cds-blueprints-processor + version: ~6.x-0 + repository: 'file://components/cds-blueprints-processor' + condition: cds-blueprints-processor.enabled + - name: cds-blueprints-processor + version: ~6.x-0 + repository: 'file://components/cds-command-executor' + condition: cds-command-executor.enabled + - name: cds-py-executor + version: ~6.x-0 + repository: 'file://components/cds-py-executor' + condition: cds-py-executor.enabled + - name: cds-sdc-listener + version: ~6.x-0 + repository: 'file://components/cds-sdc-listener' + condition: cds-sdc-listener.enabled + - name: cds-ui + version: ~6.x-0 + repository: 'file://components/cds-ui' + condition: cds-ui.enabled
\ No newline at end of file diff --git a/kubernetes/cds/templates/secrets.yaml b/kubernetes/cds/templates/secrets.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/cds/templates/secrets.yaml +++ b/kubernetes/cds/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index d04c22beb0..0b7403e8ac 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -20,11 +20,6 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: mountPath: /dockerdata-nfs @@ -43,7 +38,6 @@ secrets: # Application configuration defaults. ################################################################# # application images -repository: nexus3.onap.org:10001 pullPolicy: Always @@ -92,6 +86,7 @@ mariadb-galera: mountSubPath: cds/data cds-blueprints-processor: + enabled: true config: cdsDB: dbServer: *dbServer @@ -99,6 +94,19 @@ cds-blueprints-processor: dbName: *mysqlDbName dbCredsExternalSecret: *dbUserSecretName +cds-command-executor: + enabled: true + +cds-py-executor: + enabled: true + +cds-sdc-listener: + enabled: true + +cds-ui: + enabled: true + + #Resource Limit flavor -By Default using small flavor: small #segregation for different envionment (Small and Large) diff --git a/kubernetes/clamp/.helmignore b/kubernetes/clamp/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/clamp/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile new file mode 100644 index 0000000000..89b2f465ec --- /dev/null +++ b/kubernetes/clamp/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml deleted file mode 100644 index 3e08bd606c..0000000000 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ /dev/null @@ -1,137 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 302 - repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - persistence: {} - -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - -flavor: small - -# application image -repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.7 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# log configuration -log: - path: /var/log/onap - -################################################################# -# Application configuration defaults. -################################################################# - -db: {} - -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - mysqlPassword: strong_pitchou - dataRootDir: /dockerdata-nfs - springApplicationJson: > - { - "spring.datasource.username": "${MYSQL_USER}", - "spring.datasource.password": "${MYSQL_PASSWORD}", - "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", - "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", - "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", - "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.userName": "none", - "clamp.config.dcae.deployment.password": "none", - "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.api.userName": "healthcheck", - "clamp.config.policy.api.password": "zb!XztG34", - "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.pap.userName": "healthcheck", - "clamp.config.policy.pap.password": "zb!XztG34", - "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - - -service: - type: ClusterIP - name: clamp-backend - portName: clamp-backend - internalPort: 8443 - externalPort: 443 - -ingress: - enabled: false - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 1.2Gi - requests: - cpu: 10m - memory: 800Mi - large: - limits: - cpu: 1 - memory: 1.2Gi - requests: - cpu: 10m - memory: 800Mi - unlimited: {} diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/clamp/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/clamp/charts/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml index 89117ce205..89117ce205 100644 --- a/kubernetes/clamp/charts/clamp-backend/Chart.yaml +++ b/kubernetes/clamp/components/clamp-backend/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml index caff1e5dc4..5b041a56f2 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml +++ b/kubernetes/clamp/components/clamp-backend/requirements.yaml @@ -14,6 +14,9 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties new file mode 100644 index 0000000000..8dd0fc796a --- /dev/null +++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties @@ -0,0 +1,71 @@ +{{/* +### +# ============LICENSE_START======================================================= +# ONAP CLAMP +# ================================================================================ +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Modifications copyright (c) 2019 Nokia +# ================================================================================\ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# +### +*/}} +{{- if .Values.global.aafEnabled }} +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} +server.ssl.key-store-password=${cadi_keystore_password_p12} +server.ssl.key-password=${cadi_key_password} +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias={{ .Values.certInitializer.fqi }} + +# The key file used to decode the key store and trust store password +# If not defined, the key store and trust store password will not be decrypted +clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} + +## Config part for Client certificates +server.ssl.client-auth=want +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} +server.ssl.trust-store-password=${cadi_truststore_password} +{{- end }} + +#clds datasource connection details +spring.datasource.username=${MYSQL_USER} +spring.datasource.password=${MYSQL_PASSWORD} +spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements + +#The log folder that will be used in logback.xml file +clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json + +# +# Configuration Settings for Policy Engine Components +clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.password=zb!XztG34 +clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.password=zb!XztG34 + +#DCAE Inventory Url Properties +clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +#DCAE Deployment Url Properties +clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.userName=none +clamp.config.dcae.deployment.password=none + +#AAF related parameters +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml index dab2e44f5e..8717e6f33a 100644 --- a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json index 3adda95c11..3adda95c11 100644 --- a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json +++ b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json diff --git a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt index e36d6a5bfb..e36d6a5bfb 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt +++ b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml index f66312c741..1a5b0ce06a 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -25,6 +27,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} {{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml index 9dfc460d1f..9153f9d0ff 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,28 +38,37 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - - mariadb + - clamp-mariadb env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} # main container - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + workingDir: "/opt/clamp/" args: - - "" + - -c + - | + {{- if .Values.global.aafEnabled }} + export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + {{- end }} + java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -74,12 +85,15 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json + - mountPath: /opt/clamp/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties env: - name: MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} @@ -87,28 +101,26 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_DATABASE value: {{ tpl .Values.db.databaseName .}} - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json - resources: -{{ include "common.resources" . | indent 12 }} + {{- if ne "unlimited" (include "common.flavor" .) }} + - name: JAVA_RAM_CONFIGURATION + value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 + {{- end }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} items: - key: sdc-controllers-config.json path: sdc-controllers-config.json + - key: application.properties + path: application.properties - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml index 57f88ce32d..4cf8155f6c 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml index b1a5465116..c01d36a53d 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml new file mode 100644 index 0000000000..efd08ba4d0 --- /dev/null +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -0,0 +1,151 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018-2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: # global defaults + nodePortPrefix: 302 + persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + keystoreFile: 'org.onap.clamp.p12' + truststoreFile: 'org.onap.clamp.trust.jks' + keyFile: 'org.onap.clamp.keyfile' + truststoreFileONAP: 'truststoreONAPall.jks' + nameOverride: clamp-backend-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: '-72.0' + cadi_latitude: '38.0' + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + cd {{ .Values.credsPath }}; + chmod a+rx *; + +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +flavor: small + +# application image +image: onap/clamp-backend:5.1.5 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# log configuration +log: + path: /var/log/onap + +################################################################# +# Application configuration defaults. +################################################################# + +#####dummy values for db user and password to pass lint!!!####### + +db: + user: dummyclds + password: dummysidnnd83K + databaseName: dummycldsdb4 + +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + mysqlPassword: strong_pitchou + dataRootDir: /dockerdata-nfs + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 3 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + +service: + type: ClusterIP + name: clamp-backend + portName: clamp-backend + internalPort: 8443 + externalPort: 443 + +ingress: + enabled: false + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 1m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 3Gi + requests: + cpu: 10m + memory: 3Gi + unlimited: {} diff --git a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml index b2f8624a4b..b2f8624a4b 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml new file mode 100644 index 0000000000..c388db3113 --- /dev/null +++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml @@ -0,0 +1,25 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml index 1eb20fce89..9e04d5ae01 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml @@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}} ######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## # WARNING: revise all the lines below before you go into production +{{- if .Values.global.aafEnabled }} +opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} +opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} +opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} +{{- else }} opendistro_security.ssl.transport.pemcert_filepath: esnode.pem opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} opendistro_security.ssl.http.pemcert_filepath: esnode.pem opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +{{- end }} +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} + opendistro_security.allow_unsafe_democertificates: true opendistro_security.allow_default_init_securityindex: true opendistro_security.authcz.admin_dn: diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml index 20ff6f27c2..fe0349ede9 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml index 0ec38b08e3..d7aa77cd01 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -51,7 +53,7 @@ spec: fieldPath: metadata.namespace securityContext: privileged: true - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: init-sysctl volumeMounts: @@ -59,10 +61,22 @@ spec: mountPath: /usr/share/elasticsearch/logs/ - name: {{ include "common.fullname" . }}-data mountPath: /usr/share/elasticsearch/data/ +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }} + /usr/local/bin/docker-entrypoint.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ include "common.servicename" . }} @@ -85,7 +99,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} env: - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -104,7 +118,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml index 3669621b24..3669621b24 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml index 6ae4eea0d3..6ae4eea0d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml index 292fc31dc3..9c182edbc0 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml index 27158a6668..1e2ae4778d 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml @@ -18,21 +18,52 @@ ################################################################# global: nodePortPrefix: 302 - repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== persistence: {} -flavor: small + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true ################################################################# -# Application configuration defaults. +# AAF part ################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-es-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest +flavor: small +################################################################# +# Application configuration defaults. +################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:5.0.3 +image: onap/clamp-dashboard-elasticsearch:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml index 5d897d96eb..5d897d96eb 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml new file mode 100644 index 0000000000..c388db3113 --- /dev/null +++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml @@ -0,0 +1,25 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml index db81e3da00..b7a8fbf348 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License.# Default Kibana configuration from kibana-docker. +*/}} server.name: "Clamp CL Dashboard" server.host: "0" @@ -18,9 +20,13 @@ server.host: "0" server.port: {{.Values.service.externalPort}} server.ssl.enabled: {{.Values.config.sslEnabled}} +{{- if .Values.global.aafEnabled }} +server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} +server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} +{{ else }} server.ssl.certificate: {{.Values.config.sslPemCertFilePath}} server.ssl.key: {{.Values.config.sslPemkeyFilePath}} - +{{- end }} # The URL of the Elasticsearch instance to use for all your queries. elasticsearch.hosts: ${elasticsearch_base_url} @@ -32,4 +38,4 @@ elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opendistro_security.multitenancy.enabled: true opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] -opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file +opendistro_security.readonly_mode.roles: ["kibana_read_only"] diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml index 5d1b32258c..48d85478c4 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml index bf78eef2eb..8cb95cdf0b 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - clamp-dash-es @@ -46,12 +48,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -73,7 +76,7 @@ spec: env: - name: elasticsearch_base_url value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +93,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml index 0cd8cfbd36..e5d7174e85 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung, Orange +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml index 07d4a8f8ea..f1b6cf55c6 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml index 96a30f9e5f..9b5f1fc344 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml @@ -18,23 +18,52 @@ ################################################################# global: nodePortPrefix: 302 - repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 persistence: {} -flavor: small + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true ################################################################# -# Application configuration defaults. +# AAF part ################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-kibana-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest +flavor: small +################################################################# +# Application configuration defaults. +################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:5.0.3 +image: onap/clamp-dashboard-kibana:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml index 9fc0317fd3..9fc0317fd3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml new file mode 100644 index 0000000000..c388db3113 --- /dev/null +++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml @@ -0,0 +1,25 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml index cecd5b18c8..1e06e34cfb 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} http.host: "0.0.0.0" ## Path where pipeline configurations reside path.config: /usr/share/logstash/pipeline diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf index c005fcca3e..b978e766d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} input { http_poller { urls => { @@ -46,7 +48,11 @@ input { request_timeout => 30 schedule => { "every" => "1m" } codec => "plain" +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/certs.d/aafca.pem" +{{- end }} } } @@ -217,8 +223,13 @@ output { if "error" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false hosts => ["${elasticsearch_base_url}"] user => ["${logstash_user}"] @@ -229,9 +240,14 @@ output { } else if "event-cl-aggs" in [tags] { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] @@ -243,9 +259,14 @@ output { } else { elasticsearch { + ilm_enabled => false codec => "json" hosts => ["${elasticsearch_base_url}"] +{{- if .Values.global.aafEnabled }} + cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" +{{- else }} cacert => "/clamp-cert/ca-certs.pem" +{{- end }} ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml index 4278a6e6d3..3e98246df1 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml index d0c737f047..f098338c7f 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - clamp-dash-es @@ -46,12 +48,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: dmaap_consumer_group @@ -91,7 +94,7 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -111,7 +114,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml index 07d4a8f8ea..f1b6cf55c6 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml index 3ec5684f6b..9aab3af252 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml @@ -18,10 +18,45 @@ ################################################################# global: nodePortPrefix: 302 - repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "org.onap.clamp.crt.key" + clamp_pem: "org.onap.clamp.key.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-logstash-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + flavor: small ################################################################# @@ -29,8 +64,7 @@ flavor: small ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:5.0.3 +image: onap/clamp-dashboard-logstash:5.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml index eaad8b8440..91984c1014 100644 --- a/kubernetes/clamp/charts/mariadb/Chart.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml @@ -15,5 +15,5 @@ apiVersion: v1 description: MariaDB Service -name: mariadb +name: clamp-mariadb version: 6.0.0 diff --git a/kubernetes/clamp/charts/mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/clamp/charts/mariadb/NOTES.txt +++ b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt diff --git a/kubernetes/portal/components/portal-zookeeper/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml index c5d7864b9d..b5d66f3805 100644 --- a/kubernetes/portal/components/portal-zookeeper/requirements.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh index 6c69694011..71f32e2eff 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh @@ -18,6 +18,11 @@ for arg; do esac done +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -36,7 +41,7 @@ file_env() { elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi - val=`echo -n $val | sed -e "s/'/''/g"` + val=`prepare_password $val` export "$var"="$val" unset "$fileVar" } diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf index 612590cc6b..8b5dc2a021 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,6 +21,7 @@ # In this file, you can use all long options that a program supports. # If you want to know which options a program supports, run the program # with the "--help" option. +*/}} # The following options will be passed to all MySQL clients ##[client] diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt +++ b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml index 01420aa97b..b8a774acbe 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} #{{ if not .Values.disableClampClampMariadb }} apiVersion: v1 diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml index 7d6e162813..8ddf584988 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/clamp/charts/mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml index 424987936d..424987936d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/pv.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml index 6856c80540..6856c80540 100644 --- a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml index 57f88ce32d..4cf8155f6c 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml index 2533c26161..20a5065503 100644 --- a/kubernetes/clamp/charts/mariadb/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml index df651dd9ea..60b2cfef4f 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/values.yaml @@ -21,8 +21,7 @@ global: # global defaults persistence: {} # application image -repository: nexus3.onap.org:10001 -image: mariadb:10.3.12 +image: mariadb:10.5.4 pullPolicy: Always flavor: small ################################################################# @@ -40,7 +39,11 @@ secrets: password: '{{ .Values.db.password }}' # Application configuration -db: {} +# dummy value db user pasword to pass lint!!! +db: + user: dummy-clds + password: dummy-sidnnd83K + databaseName: dummy-cldsdb4 # default number of instances replicaCount: 1 @@ -51,15 +54,17 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 + timeoutSeconds: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 + timeoutSeconds: 3 ## Persist data to a persitent volume persistence: diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml index d3c442d32e..fd71422f78 100644 --- a/kubernetes/clamp/requirements.yaml +++ b/kubernetes/clamp/requirements.yaml @@ -14,9 +14,24 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: clamp-mariadb + version: ~6.x-0 + repository: 'file://components/clamp-mariadb' + - name: clamp-backend + version: ~6.x-0 + repository: 'file://components/clamp-backend' + - name: clamp-dash-es + version: ~6.x-0 + repository: 'file://components/clamp-dash-es' + - name: clamp-dash-logstash + version: ~6.x-0 + repository: 'file://components/clamp-dash-logstash' + - name: clamp-dash-kibana + version: ~6.x-0 + repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf index 84beff8d5a..3e6fde9d0d 100644 --- a/kubernetes/clamp/resources/config/default.conf +++ b/kubernetes/clamp/resources/config/default.conf @@ -2,8 +2,14 @@ server { listen 2443 default ssl; ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} ssl_certificate /etc/ssl/clamp.pem; ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + ssl_verify_client optional_no_ca; location /restservices/clds/ { proxy_pass https://clamp-backend:443; diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml index dab2e44f5e..8717e6f33a 100644 --- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml index 3fce850140..1a5b0ce06a 100644 --- a/kubernetes/clamp/templates/configmap.yaml +++ b/kubernetes/clamp/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index 97637b058d..51b864b986 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - clamp-backend @@ -46,15 +48,16 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} # main container - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -72,7 +75,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf @@ -88,7 +91,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml index 57f88ce32d..4cf8155f6c 100644 --- a/kubernetes/clamp/templates/secrets.yaml +++ b/kubernetes/clamp/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml index 800cc36535..31f4380eb8 100644 --- a/kubernetes/clamp/templates/service.yaml +++ b/kubernetes/clamp/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 2a27c140eb..b2b37d3755 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -18,11 +18,43 @@ ################################################################# global: # global defaults nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - centralizedLoggingEnabled: false + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "clamp.key" + clamp_pem: "clamp.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; secrets: - uid: db-root-pass @@ -45,7 +77,7 @@ clamp-backend: db: userCredsExternalSecret: *dbUserPass databaseName: *dbName -mariadb: +clamp-mariadb: db: rootCredsExternalSecret: *dbRootPass userCredsExternalSecret: *dbUserPass @@ -57,8 +89,7 @@ subChartsOnly: flavor: small # application image -repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.7 +image: onap/clamp-frontend:5.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -88,6 +119,7 @@ affinity: {} liveness: initialDelaySeconds: 120 periodSeconds: 10 + timeoutSeconds: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true @@ -95,7 +127,7 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 - + timeoutSeconds: 3 service: type: NodePort @@ -139,7 +171,7 @@ resources: cpu: 1 memory: 200Mi requests: - cpu: 10m + cpu: 1m memory: 50Mi large: limits: diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 539279f93d..0823daffb6 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/secrets.yaml index ab7fb6673a..213b709026 100644 --- a/kubernetes/cli/templates/secrets.yaml +++ b/kubernetes/cli/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2020 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret diff --git a/kubernetes/cli/templates/service.yaml b/kubernetes/cli/templates/service.yaml index 6d89ffe3fb..eaa85086b3 100644 --- a/kubernetes/cli/templates/service.yaml +++ b/kubernetes/cli/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index e5484dff5b..bf3ba5b099 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -17,14 +17,13 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/cli:5.0.4 +image: onap/cli:6.0.0 pullPolicy: Always flavor: small diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 941c2f84df..43d62f1a82 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,9 +20,15 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +PROCESSED_LAST := cert-wrapper repository-wrapper +PROCESSED_FIRST := repositoryGenerator certInitializer +TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST) -.PHONY: $(EXCLUDES) $(HELM_CHARTS) +HELM_BIN := helm +HELM_CHARTS := $(PROCESSED_FIRST) $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(HELM_CHARTS) $(TO_FILTER) all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) @@ -34,15 +40,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml index 90e6621aa3..62e1158c12 100644 --- a/kubernetes/common/cassandra/requirements.yaml +++ b/kubernetes/common/cassandra/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py index 5b3ae33371..a7f297399e 100644 --- a/kubernetes/common/cassandra/resources/exec.py +++ b/kubernetes/common/cassandra/resources/exec.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python import getopt import logging import os @@ -7,7 +7,7 @@ import time from kubernetes import config from kubernetes.client import Configuration -from kubernetes.client.apis import core_v1_api +from kubernetes.client.api import core_v1_api from kubernetes.client.rest import ApiException from kubernetes.stream import stream diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh index b9deb32316..798ab6c53c 100644 --- a/kubernetes/common/cassandra/resources/restore.sh +++ b/kubernetes/common/cassandra/resources/restore.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Initialize variables ss_dir="" diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index e4f2aabfa0..27f3cc690d 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -35,7 +35,7 @@ spec: restartPolicy: Never initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.name" . }} @@ -45,11 +45,11 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - name: "cassandra-backup-init" - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -59,7 +59,7 @@ spec: curr_time=$1 echo "Clearing snapshots!!!" command="nodetool clearsnapshot -t $curr_time" - /root/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" } {{ $root := . }} curr_time=`date +%s` @@ -75,11 +75,11 @@ spec: echo "Executing cleanup!!" command="nodetool cleanup" - /root/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" echo "Cleaned Node!! Backing up database now!!!" command="nodetool snapshot -t $curr_time" - /root/exec.py -p "cassandra" -c "$command" + /app/exec.py -p "{{ include "common.name" . }}" -c "$command" retCode=$? if [ $retCode -ne 0 ]; then echo "Backup Failed!!!" @@ -95,7 +95,7 @@ spec: d=$(echo $d | sed 's:/*$::') keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }') if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then - /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & + /app/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time & pids="$pids $!" fi done @@ -142,14 +142,14 @@ spec: - mountPath: /backup name: backup-dir - name: scripts - mountPath: /root/restore.sh + mountPath: /app/restore.sh subPath: restore.sh - name: scripts - mountPath: /root/exec.py + mountPath: /app/exec.py subPath: exec.py containers: - name: cassandra-backup-validate - image: "{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 76a224ab5f..a0d998cd07 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" . }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 0b91076f82..8934d41c33 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.headlessService" . }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 96139ce988..471f88f735 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -28,7 +30,7 @@ spec: hostNetwork: {{ .Values.hostNetwork }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 8 }} volumeMounts: @@ -48,7 +50,7 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: exec: - command: + command: - /bin/bash - -c - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }' @@ -110,15 +112,12 @@ spec: {{- else }} command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] {{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} + resources: {{ toYaml .Values.resources | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 090dbcc2a2..fbdf8e3e19 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -21,13 +21,9 @@ global: # global defaults mountPath: /dockerdata-nfs backup: mountPath: /dockerdata-nfs/backup - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 # application image -repository: nexus3.onap.org:10001 -image: library/cassandra:3.11.4 +image: cassandra:3.11.4 pullPolicy: Always # flag to enable debugging - application support required @@ -132,7 +128,7 @@ persistence: configOverrides: {} -resources: {} +# resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -143,13 +139,13 @@ resources: {} # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +resources: + limits: + cpu: 0.8 + memory: 4Gi + requests: + cpu: 0.2 + memory: 2.5Gi backup: enabled: false cron: "00 00 * * *" diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml new file mode 100644 index 0000000000..68d5400743 --- /dev/null +++ b/kubernetes/common/cert-wrapper/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Wrapper chart to allow truststore to be shared among cert-initializer instances +name: cert-wrapper +version: 6.0.0 diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml new file mode 100644 index 0000000000..b6a667e448 --- /dev/null +++ b/kubernetes/common/cert-wrapper/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: 'file://../certInitializer' diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh new file mode 100755 index 0000000000..7e2fa91363 --- /dev/null +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -0,0 +1,63 @@ +#!/bin/bash +{{/* + +# Copyright © 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +CERTS_DIR=${CERTS_DIR:-/certs} +WORK_DIR=${WORK_DIR:-/updatedTruststore} +ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks} +JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts} +TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks} + +mkdir -p $WORK_DIR + +# Decrypt and move relevant files to WORK_DIR +for f in $CERTS_DIR/*; do + if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then + # Dont use onap truststore when aaf is disabled + continue + fi + if [[ $f == *.sh ]]; then + continue + fi + if [[ $f == *.b64 ]] + then + base64 -d $f > $WORK_DIR/`basename $f .b64` + else + cp $f $WORK_DIR/. + fi +done + +# Prepare truststore output file +if [[ $AAF_ENABLED == true ]] + then + mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME + else + echo "AAF is disabled, using JRE truststore" + cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME +fi + +# Import Custom Certificates +for f in $WORK_DIR/*; do + if [[ $f == *.pem ]]; then + echo "importing certificate: $f" + keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt + if [[ $? != 0 ]]; then + echo "failed importing certificate: $f" + exit 1 + fi + fi +done diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 index 71b6782c58..71b6782c58 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 index 17b051268f..17b051268f 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml new file mode 100644 index 0000000000..117a4ab718 --- /dev/null +++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "certs" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml new file mode 100644 index 0000000000..fcece0e3f5 --- /dev/null +++ b/kubernetes/common/cert-wrapper/values.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +certInitializer: + nameOverride: cert-initializer + createCertsCM: true diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 1250c1225e..800364f1a2 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -96,13 +96,73 @@ value: "{{ $initRoot.public_fqdn | default "" }}" {{- end -}} +{{/* + This init container will import custom .pem certificates to truststoreONAPall.jks + Custom certificates must be placed in common/certInitializer/resources directory. + + The feature is enabled by setting Values.global.importCustomCertsEnabled = true + It can be used independently of aafEnabled, however it requires the same includes + as describe above for _initContainer. + + When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used + to import custom certificates, otherwise the default java keystore will be used. + + The updated truststore file will be placed in /updatedTruststore and can be mounted per component + to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount) + The truststore file will be available to mount even if no custom certificates were imported. +*/}} +{{- define "common.certInitializer._initImportCustomCertsContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +- name: {{ include "common.name" $dot }}-import-custom-certs + image: {{ $subchartDot.Values.global.jreImage }} + imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + securityContext: + runAsUser: 0 + command: + - /bin/bash + - -c + - /root/import-custom-certs.sh + env: + - name: AAF_ENABLED + value: "{{ $subchartDot.Values.global.aafEnabled }}" + - name: TRUSTSTORE_OUTPUT_FILENAME + value: "{{ $initRoot.truststoreOutputFileName }}" + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }} + volumeMounts: + - mountPath: /certs + name: aaf-agent-certs + - mountPath: /root/import-custom-certs.sh + name: aaf-agent-certs + subPath: import-custom-certs.sh + - mountPath: /updatedTruststore + name: updated-truststore +{{- end -}} + {{- define "common.certInitializer._volumeMount" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.mountPath }} +- mountPath: {{ $initRoot.appMountPath }} name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} {{- end -}} +{{/* + This is used together with _initImportCustomCertsContainer + It mounts the updated truststore (with imported custom certificates) to the + truststoreMountpath defined in the values file for the component. +*/}} +{{- define "common.certInitializer._trustStoreVolumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- if gt (len $initRoot.truststoreMountpath) 0 }} +- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }} + name: updated-truststore + subPath: {{ $initRoot.truststoreOutputFileName }} +{{- end -}} +{{- end -}} + {{- define "common.certInitializer._volumes" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} @@ -112,7 +172,7 @@ medium: Memory - name: aaf-agent-certs configMap: - name: {{ include "common.fullname" $subchartDot }}-certs + name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 {{- if $initRoot.aaf_add_config }} @@ -121,10 +181,17 @@ name: {{ include "common.fullname" $subchartDot }}-add-config defaultMode: 0700 {{- end -}} +{{- if $dot.Values.global.importCustomCertsEnabled }} +- name: updated-truststore + emptyDir: {} +{{- end -}} {{- end -}} {{- define "common.certInitializer.initContainer" -}} {{- $dot := default . .dot -}} + {{- if $dot.Values.global.importCustomCertsEnabled }} + {{ include "common.certInitializer._initImportCustomCertsContainer" . }} + {{- end -}} {{- if $dot.Values.global.aafEnabled }} {{ include "common.certInitializer._initContainer" . }} {{- end -}} @@ -135,11 +202,14 @@ {{- if $dot.Values.global.aafEnabled }} {{- include "common.certInitializer._volumeMount" . }} {{- end -}} + {{- if $dot.Values.global.importCustomCertsEnabled }} + {{- include "common.certInitializer._trustStoreVolumeMount" . }} + {{- end -}} {{- end -}} {{- define "common.certInitializer.volumes" -}} {{- $dot := default . .dot -}} - {{- if $dot.Values.global.aafEnabled }} + {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }} {{- include "common.certInitializer._volumes" . }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index a89a33152b..7eae899cc1 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -21,12 +21,5 @@ kind: ConfigMap metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: aaf-add-config.sh: | - {{ tpl .Values.aaf_add_config . | indent 4 }} + {{ tpl .Values.aaf_add_config . | indent 4 | trim }} {{- end }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "certs" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 416282f72a..66251fa29a 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ global: repository: nexus3.onap.org:10001 aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true + jreImage: registry.gitlab.com/onap-integration/docker/onap-java pullPolicy: Always @@ -26,6 +27,11 @@ secrets: login: '{{ .Values.aafDeployFqi }}' password: '{{ .Values.aafDeployPass }}' passwordPolicy: required + - uid: truststore-creds + type: password + externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}' + password: '{{ .Values.truststorePassword }}' + passwordPolicy: required readinessCheck: wait_for: @@ -45,3 +51,14 @@ cadi_latitude: "38.0" cadi_longitude: "-72.0" aaf_add_config: "" mountPath: "/opt/app/osaaf" +appMountPath: "/opt/app/osaaf" +importCustomCertsEnabled: false +truststoreMountpath: "" +truststoreOutputFileName: truststore.jks +truststorePassword: changeit + +# This introduces implicit dependency on cert-wrapper +# if you are using cert initializer cert-wrapper has to be also deployed. +# We had to move this CM to a separate chart to reduce the total size of our charts +# as it exceeds the default helm limits. +certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs' diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index cf866571c7..f6feee6e06 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -12,9 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. global: - aaf: + platform: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -23,7 +24,10 @@ global: cmpv2State: "California" cmpv2Country: "US" # Client configuration related - requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" keystorePassword: "secret" truststorePassword: "secret" + certPostProcessor: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + diff --git a/kubernetes/common/common/documentation.rst b/kubernetes/common/common/documentation.rst index d982ab09c6..fd416c0cc8 100644 --- a/kubernetes/common/common/documentation.rst +++ b/kubernetes/common/common/documentation.rst @@ -77,8 +77,6 @@ only give an overview. +----------------------------------------------------+-----------------------+ | `common.repository` | `_repository.tpl` | +----------------------------------------------------+-----------------------+ - | `common.repository.secret` | `_repository.tpl` | - +----------------------------------------------------+-----------------------+ | `common.flavor` | `_resources.tpl` | +----------------------------------------------------+-----------------------+ | `common.resources` | `_resources.tpl` | @@ -289,7 +287,7 @@ taken on mariadb-galera): ... containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} ... Namespace diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index e90f8aea5d..b1021ab9d7 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -59,10 +59,10 @@ {{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}} {{- if $dot.Values.global.aafEnabled -}} - name: {{ include "common.name" $dot }}-aaf-readiness - image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.readinessImage }}" imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - aaf-locate @@ -117,9 +117,9 @@ - name: aaf_locator_app_ns value: "{{ $aafRoot.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} #Note: want to put this on Nodes, eventually - name: cadi_longitude value: "{{ default "52.3" $aafRoot.cadi_longitude }}" diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl index 8b2f1e274d..bfd0999e16 100644 --- a/kubernetes/common/common/templates/_createPassword.tpl +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -32,11 +32,26 @@ {{ else if eq "testRelease" (include "common.release" .) }} {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}} {{- printf "testRelease" -}} + {{ else if eq "test-release" .Release.Name }} + {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- printf "testRelease" -}} {{ else }} {{ fail "masterPassword not provided" }} {{ end }} {{- end -}} +{{- define "common._defaultPasswordStrength" -}} + {{ if .Values.passwordStrengthOverride }} + {{- printf "%s" .Values.passwordStrengthOverride -}} + {{ else if .Values.global.passwordStrength }} + {{- printf "%s" .Values.global.passwordStrength -}} + {{ else if .Values.passwordStrength }} + {{- printf "%s" .Values.passwordStrength -}} + {{ else }} + {{- printf "long" }} + {{ end }} +{{- end -}} + {{/* Generate a new password based on masterPassword. The new password is not random, it is derived from masterPassword, fully qualified chart name and @@ -59,7 +74,8 @@ {{- define "common.createPassword" -}} {{- $dot := default . .dot -}} {{- $uid := default "onap" .uid -}} - {{- $strength := default "long" .strength -}} + {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}} + {{- $strength := default $defaultStrength .strength -}} {{- $mp := include "common.masterPassword" $dot -}} {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 6b4f0ed36e..e57d4bedaa 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,19 +1,28 @@ +{{- define "ingress.config.host" -}} +{{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{ printf "%s.%s" $baseaddr $burl }} +{{- end -}} + {{- define "ingress.config.port" -}} +{{- $dot := default . .dot -}} {{- if .Values.ingress -}} {{- if .Values.global.ingress -}} {{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}} - http: paths: {{- range .Values.ingress.service }} - - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }} +{{ $baseaddr := required "baseaddr" .baseaddr }} + - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} backend: serviceName: {{ .name }} servicePort: {{ .port }} {{- end -}} {{- else if .Values.ingress.service -}} -{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}} {{ range .Values.ingress.service }} - - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }} +{{ $baseaddr := required "baseaddr" .baseaddr }} + - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} http: paths: - backend: @@ -95,7 +104,18 @@ spec: {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} +{{- end -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.tls -}} +{{- $dot := default . .dot -}} + tls: + - hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} + secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} +{{- end -}} +{{- end -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index e918cc1dd8..793fb3e07b 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -51,6 +51,11 @@ {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{/* when linted, the name must be lower cased. When used from a component, + name should be overriden in order to avoid collision so no need to do it */}} + {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}} + {{- $name = lower $name -}} + {{- end -}} {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} {{- end -}} diff --git a/kubernetes/common/common/templates/_repository.tpl b/kubernetes/common/common/templates/_repository.tpl index 272db42125..0316ae7050 100644 --- a/kubernetes/common/common/templates/_repository.tpl +++ b/kubernetes/common/common/templates/_repository.tpl @@ -15,6 +15,8 @@ */}} {{/* + /!\ DEPRECATED /!\ + Will be removed when transition to "repositoryGenerator" is finished. Resolve the name of the common image repository. The value for .Values.repository is used by default, unless either override mechanism is used. @@ -29,21 +31,3 @@ {{- default .Values.repository .Values.global.repository -}} {{end}} {{- end -}} - - -{{/* - Resolve the image repository secret token. - The value for .Values.global.repositoryCred is used: - repositoryCred: - user: user - password: password - mail: email (optional) -*/}} -{{- define "common.repository.secret" -}} - {{- $repo := include "common.repository" . }} - {{- $repo := default "nexus3.onap.org:10001" $repo }} - {{- $cred := .Values.global.repositoryCred }} - {{- $mail := default "@" $cred.mail }} - {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} - {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}} -{{- end -}} diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index 990c476f29..2490debffb 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -137,6 +137,10 @@ type: Opaque {{- $uid := (default "" .uid) }} {{- $name := (default "" .name) }} {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }} + {{- if eq "test-release" $global.Release.Name -}} + {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}} + {{- $uid = lower $uid -}} + {{- end -}} {{- default (printf "%s-%s" $fullname $uid) $name }} {{- end -}} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 3d745ed819..dddd63491d 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -94,6 +94,7 @@ annotations: "version": "{{ default "v1" $msb_information.version }}", "url": "{{ default "/" $msb_information.url }}", "protocol": "{{ default "REST" $msb_information.protocol }}", + "enable_ssl": {{ default false $msb_information.enable_ssl }}, "port": "{{ $msb_information.port }}", "visualRange":"{{ default "1" $msb_information.visualRange }}" } diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 4735901dfa..8b7390802f 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -16,3 +16,9 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator'
\ No newline at end of file diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js index 42c2e5728b..b6a1a8636a 100644 --- a/kubernetes/common/dgbuilder/resources/config/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -54,6 +54,8 @@ module.exports={ }, "uiHost": "0.0.0.0", "version": "0.9.1", - "performGitPull": "N", - "enableHttps" : true + {{ if .Values.global.aafEnabled }} + "enableHttps" : true, + {{ end }} + "performGitPull": "N" } diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index 28612a270b..01edb4d411 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index d0e298b7b6..ad3e4cf128 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -67,11 +67,12 @@ spec: name: config-input - mountPath: /config name: config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.dbPodName }} @@ -81,15 +82,15 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] + args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"] ports: - containerPort: {{ .Values.service.internalPort }} readinessProbe: @@ -101,6 +102,7 @@ spec: - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -127,6 +129,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml index 0cd8cfbd36..4392308e38 100644 --- a/kubernetes/common/dgbuilder/templates/ingress.yaml +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index a1f637b199..28880646fb 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -20,20 +20,6 @@ global: # with other instances running within the same k8s cluster nodePortPrefix: 302 - # image repositories - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - - # envsusbt - envsubstImage: dibi/envsubst - # image pull policy pullPolicy: Always @@ -83,8 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.7.4 +image: onap/ccsdk-dgbuilder-image:1.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -159,21 +144,45 @@ ingress: config: ssl: "redirect" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi + # dependency / sub-chart configuration +certInitializer: + nameOverride: dgbuilder-cert-initializer + truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "dgbuilder.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ; + cp {{ .Values.fqi_namespace }}.crt node-cert.pem; + cp {{ .Values.fqi_namespace }}.key node-key.pem; + chmod go+r node-*.pem + +#Resource Limit flavor -By Default using small +flavor: small +#segregation for different envionment (Small and Large) + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} + diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/common/elasticsearch/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/common/elasticsearch/Makefile b/kubernetes/common/elasticsearch/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/common/elasticsearch/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/common/elasticsearch/components/Makefile b/kubernetes/common/elasticsearch/components/Makefile new file mode 100644 index 0000000000..f2e7a1fb82 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_BIN := helm +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml index 7e73420e13..e1d6cbabbb 100644 --- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{- range $kind, $enabled := .Values.hooks }} {{- if $enabled }} @@ -45,7 +47,7 @@ spec: {{- end }} containers: - name: {{ template "common.fullname" . }}-curator - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: config-volume diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml index e9a5a5f61a..fbdf7b8489 100644 --- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml index dc2a430922..2af57aae77 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml index 901c0a5c06..ff63cf00b1 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.enabled }} {{ $role := "curator" -}} {{ $suffix := $role -}} @@ -74,7 +76,7 @@ spec: {{- end }} containers: - name: {{ template "common.fullname" . }}-curator - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: config-volume diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml index 6fe032d818..628cdd1d73 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.psp.create }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml index 0d189f448b..f124a44c85 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml index b112468dc3..f10b14231f 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.rbac.enabled }} kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml index 0bd4ae0999..a1732cfedc 100644 --- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml index 5e0d9668d3..62964ff973 100644 --- a/kubernetes/common/elasticsearch/components/curator/values.yaml +++ b/kubernetes/common/elasticsearch/components/curator/values.yaml @@ -22,7 +22,7 @@ global: mountPath: /dockerdata-nfs/backup storageClass: clusterName: cluster.local -repositoryOverride: docker.io + ################################################################# # Application configuration defaults. ################################################################# @@ -31,16 +31,14 @@ repositoryOverride: docker.io ## enabled: false name: curator -image: - imageName: bitnami/elasticsearch-curator - tag: 5.8.1-debian-9-r74 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName +image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74 +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName service: port: 9200 cronjob: diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml index a1f72ffc60..ba64f9630e 100644 --- a/kubernetes/common/elasticsearch/components/data/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml index 2ac3880886..4a8ef08946 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index 994b458e33..ea805c1813 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "data" -}} {{ $suffix := $role -}} -{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} spec: updateStrategy: @@ -32,7 +34,8 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: -{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} @@ -42,7 +45,6 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} - serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} @@ -52,7 +54,7 @@ spec: {{- if .Values.sysctlImage.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -67,7 +69,7 @@ spec: {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -85,8 +87,8 @@ spec: {{- end }} {{- end }} containers: - - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + - name: {{ include "common.name" . }}-data + image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- if .Values.securityContext.enabled }} securityContext: @@ -94,9 +96,9 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME - value: {{include "elasticsearch.clustername" .}} + value: {{ .Values.cluster_name }} - name: ELASTICSEARCH_CLUSTER_HOSTS value: {{ include "common.name" . }}-discovery {{- if .Values.plugins }} diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml index cfb7f51da3..1328a20439 100644 --- a/kubernetes/common/elasticsearch/components/data/values.yaml +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Modification Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,10 +22,13 @@ global: backup: mountPath: /dockerdata-nfs/backup storageClass: -repositoryOverride: docker.io + ################################################################# # Application configuration defaults. ################################################################# + +cluster_name: onap + ## Init containers parameters: sysctlImage: enabled: true @@ -46,24 +50,22 @@ service: - name: http-transport port: 9300 -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.9.3 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## updateStrategy for ElasticSearch Data statefulset diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml index a1f72ffc60..ba64f9630e 100644 --- a/kubernetes/common/elasticsearch/components/master/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../../../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../../../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml index 05a3af37f2..323b9fc318 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index dfa3ccbacc..a35b4bf741 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,12 +12,13 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "master" -}} {{ $suffix := $role -}} -{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} spec: updateStrategy: @@ -30,7 +32,8 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: -{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} @@ -40,7 +43,6 @@ spec: {{- if .Values.tolerations }} tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} - serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} @@ -50,7 +52,7 @@ spec: {{- if .Values.sysctlImage.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) - name: sysctl - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -65,7 +67,7 @@ spec: {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -83,8 +85,8 @@ spec: {{- end }} {{- end }} containers: - - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + - name: {{ include "common.name" . }}-master + image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- if .Values.securityContext.enabled }} securityContext: @@ -92,9 +94,9 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME - value: {{ include "elasticsearch.clustername" . }} + value: {{ .Values.cluster_name }} - name: ELASTICSEARCH_CLUSTER_HOSTS value: {{ include "common.name" . }}-discovery - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml index 8d66ef082e..ca94e242a4 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "master" -}} {{ $labels := (dict "role" $role) -}} {{ $matchLabels := (dict "role" $role) }} -{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 2862692eef..33804494e9 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Modification Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - ################################################################# # Global configuration defaults. ################################################################# @@ -22,10 +22,13 @@ global: backup: mountPath: /dockerdata-nfs/backup storageClass: -repositoryOverride: docker.io + ################################################################# # Application configuration defaults. ################################################################# + +cluster_name: onap + ## Init containers parameters: sysctlImage: enabled: true @@ -41,26 +44,24 @@ name: master ## replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) -dedicatednode: "yes" +dedicatednode: 'yes' ## dedicatednode: "no" -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.9.3 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## String to partially override common.fullname template (will maintain the release name) ## @@ -104,12 +105,14 @@ resources: ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. - limits: {} + limits: + cpu: 250m + memory: 1536Mi # cpu: 100m # memory: 128Mi requests: - cpu: 25m - memory: 256Mi + cpu: 5m + memory: 310Mi ## Elasticsearch master-eligible container's liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -162,13 +165,13 @@ persistence: ## Service parameters for master-eligible node(s) ## service: - suffix: "service" - name: "" + suffix: 'service' + name: '' ## list of ports for "common.containerPorts" ## Elasticsearch transport port ports: - - name: http-transport - port: 9300 + - name: http-transport + port: 9300 ## master-eligible service type ## type: ClusterIP @@ -194,10 +197,6 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template # name: - ## Elasticsearch cluster name ## clusterName: elastic-cluster - - - diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml index 5900f412a1..4b7e88f51e 100644 --- a/kubernetes/common/elasticsearch/requirements.yaml +++ b/kubernetes/common/elasticsearch/requirements.yaml @@ -30,3 +30,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: 'file://../certInitializer' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index fdbe82f855..1de2599af9 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. @@ -69,35 +71,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "elasticsearch.imagePullSecrets" -}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- else }} -{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}} -{{- if $imagePullSecrets }} -imagePullSecrets: -{{- range $imagePullSecrets }} - - name: {{ . }} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "elasticsearch.curator.serviceAccountName" -}} -{{- if .Values.curator.serviceAccount.create -}} - {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.curator.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 38234da0cf..7138e4e094 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.config }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 1ab5b59855..22de4dbf37 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment {{ $role := "coordinating-only" -}} @@ -28,7 +30,8 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: -{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} @@ -48,7 +51,7 @@ spec: initContainers: {{- if .Values.sysctlImage.enabled }} - name: sysctl - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/sh @@ -65,7 +68,7 @@ spec: containers: - name: {{ include "common.name" . }}-nginx - image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }} + image: {{ include "repositoryGenerator.image.nginx" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }} ports: {{- include "common.containerPorts" . | indent 12 -}} {{- if .Values.nginx.livenessProbe }} @@ -85,7 +88,7 @@ spec: {{- include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.name" . }}-elasticsearch - image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} {{- if .Values.securityContext.enabled }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: @@ -93,7 +96,7 @@ spec: {{- end }} env: - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} + value: {{ ternary "true" "false" .Values.debug | quote }} - name: ELASTICSEARCH_CLUSTER_NAME value: {{ include "elasticsearch.clustername" .}} - name: ELASTICSEARCH_CLUSTER_HOSTS diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml index 610c7d68c1..d7fd447846 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "coordinating-only" -}} {{ $labels := (dict "role" $role) -}} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml index fa79c29eca..9750be7b80 100644 --- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml index 359e8975e1..b8cd0686c4 100644 --- a/kubernetes/common/elasticsearch/templates/secrets.yaml +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics # @@ -12,4 +13,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml index 49ad504da6..a9b54882f1 100644 --- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index b1289431a5..b91ac76056 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# Modification Copyright (c) 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,12 +19,6 @@ global: aafEnabled: true nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest clusterName: cluster.local persistence: @@ -31,7 +26,6 @@ persistence: backup: mountPath: /dockerdata-nfs/backup storageClass: -repositoryOverride: docker.io ################################################################# # Application configuration defaults. @@ -41,24 +35,22 @@ sysctlImage: enabled: true # application image -image: - imageName: bitnami/elasticsearch - tag: 6.8.6-debian-9-r23 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging - ## - debug: false +image: bitnami/elasticsearch:7.9.3 +## Specify a imagePullPolicy +## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +pullPolicy: IfNotPresent +## Optionally specify an array of imagePullSecrets. +## Secrets must be manually created in the namespace. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +# pullSecrets: +# - myRegistryKeySecretName +## Set to true if you would like to see extra information on logs +## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging +## +debug: false ## String to partially override common.fullname template (will maintain the release name) ## @@ -136,13 +128,8 @@ serviceAccount: ## # name: -## Bitnami Minideb image version -## ref: https://hub.docker.com/r/bitnami/minideb/tags/ -## sysctlImage: enabled: true - imageName: bitnami/minideb - tag: stretch ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -157,8 +144,6 @@ sysctlImage: # nginx image nginx: - imageName: bitnami/nginx - tag: 1.16-debian-9 pullPolicy: IfNotPresent service: name: nginx @@ -320,7 +305,9 @@ master: # dedicatednode: "no" # handles master and data node functionality dedicatednode: "no" + cluster_name: elasticsearch data: enabled: false + cluster_name: elasticsearch curator: enabled: false diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml index e90e615d73..733bc449cb 100644 --- a/kubernetes/common/etcd/requirements.yaml +++ b/kubernetes/common/etcd/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index ed1344d4c1..ac5b7b975d 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 4268dd6d2c..04fc93af00 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index fcab51cb59..f5592bd252 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -48,7 +50,7 @@ spec: {{- end }} containers: - name: {{ include "common.fullname" . }} - image: "{{ .Values.repository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" ports: - containerPort: {{ .Values.service.peerInternalPort }} diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index d994f87ea4..3cfd4535f1 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -24,8 +24,7 @@ global: ################################################################# #repository: etcd -repository: "k8s.gcr.io" -image: "etcd-amd64:3.2.24" +image: etcd-amd64:3.2.24 pullPolicy: Always # default number of instances in the StatefulSet diff --git a/kubernetes/policy/charts/brmsgw/Chart.yaml b/kubernetes/common/logConfiguration/Chart.yaml index b09939d64c..1d13dcbd56 100644 --- a/kubernetes/policy/charts/brmsgw/Chart.yaml +++ b/kubernetes/common/logConfiguration/Chart.yaml @@ -1,5 +1,4 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy BRMS GW -name: brmsgw +description: Template used to create same STDOUT log configuration +name: logConfiguration version: 6.0.0 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/requirements.yaml b/kubernetes/common/logConfiguration/requirements.yaml index 72e8b3cd4a..237f1d1354 100755..100644 --- a/kubernetes/cds/charts/cds-blueprints-processor/requirements.yaml +++ b/kubernetes/common/logConfiguration/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2019 IBM, Bell Canada +# Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../common' diff --git a/kubernetes/common/logConfiguration/templates/_log.tpl b/kubernetes/common/logConfiguration/templates/_log.tpl new file mode 100644 index 0000000000..bf19f210e4 --- /dev/null +++ b/kubernetes/common/logConfiguration/templates/_log.tpl @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the level of the logs. + The value for .Values.logLevel is used by default, + unless either override mechanism is used. + + - .Values.global.logLevel : override default log level for all components + - .Values.logLevelOverride : override global and default log level on a per + component basis + + The function can takes below arguments (inside a dictionary): + - .dot : environment (.) + - .initRoot : the root dictionary of logConfiguration submodule + (default to .Values.logConfiguration) +*/}} +{{- define "common.log.level" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} + {{- if $subchartDot.Values.logLevelOverride }} + {{- printf "%s" $subchartDot.Values.logLevelOverride -}} + {{- else }} + {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/logConfiguration/values.yaml b/kubernetes/common/logConfiguration/values.yaml new file mode 100644 index 0000000000..7ebb0ff84e --- /dev/null +++ b/kubernetes/common/logConfiguration/values.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +logLevel: INFO diff --git a/kubernetes/common/mariadb-galera/requirements.yaml b/kubernetes/common/mariadb-galera/requirements.yaml index 4fbecbfab2..2509f7fcff 100644 --- a/kubernetes/common/mariadb-galera/requirements.yaml +++ b/kubernetes/common/mariadb-galera/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 - repository: 'file://../common'
\ No newline at end of file + repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 42c5c89726..b354efe86c 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -1,8 +1,10 @@ #!/bin/bash +{{/* # # Adfinis SyGroup AG # openshift-mariadb-galera: mysql setup script # +*/}} set -eox pipefail @@ -32,8 +34,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi -function prepare_password { - echo -n $1 | sed -e "s/'/''/g" +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml index d81d640b0d..0f6bb5929e 100644 --- a/kubernetes/common/mariadb-galera/resources/create-deployment.yml +++ b/kubernetes/common/mariadb-galera/resources/create-deployment.yml @@ -13,7 +13,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 29d96748a3..1c780179be 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -35,7 +35,7 @@ spec: restartPolicy: Never initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.name" . }} @@ -45,11 +45,11 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - name: mariadb-galera-backup-init - image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -90,9 +90,11 @@ spec: volumeMounts: - name: backup-dir mountPath: /backup + - name: db-data + mountPath: /var/lib/mysql containers: - name: mariadb-backup-validate - image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD @@ -164,4 +166,7 @@ spec: - name: backup-dir persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data + - name: db-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }} {{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml index db56f3e046..250279ace2 100644 --- a/kubernetes/common/mariadb-galera/templates/job.yaml +++ b/kubernetes/common/mariadb-galera/templates/job.yaml @@ -14,7 +14,7 @@ spec: runAsUser: 1001 containers: - name: mariadb-job-pre-upgrade - image: {{ .Values.global.kubectlImage}} + image: {{ include "repositoryGenerator.image.kubectl" . }} imagePullPolicy: IfNotPresent env: - name: NAMESPACE_ENV @@ -49,7 +49,7 @@ spec: fsGroup: 1001 runAsUser: 0 initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} name: mariadb-galera-upgrade-readiness env: - name: NAMESPACE @@ -58,13 +58,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace command: - - /root/ready.py + - /app/ready.py args: - --container-name - mariadb-galera containers: - name: mariadb-job-post-upgrade - image: {{ .Values.global.kubectlImage}} + image: {{ include "repositoryGenerator.image.kubectl" . }} imagePullPolicy: IfNotPresent env: - name: NAMESPACE_ENV @@ -99,7 +99,7 @@ spec: spec: containers: - name: mariadb-job-post-delete - image: {{ .Values.global.kubectlImage}} + image: {{ include "repositoryGenerator.image.kubectl" . }} imagePullPolicy: IfNotPresent command: ["/bin/bash", "-c", "--"] args: diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 47d1e0ef3d..eb21fe3182 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -61,7 +61,7 @@ spec: - name: {{ include "common.namespace" . }}-docker-registry-key containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} env: - name: POD_NAMESPACE @@ -119,7 +119,7 @@ spec: name: {{ include "common.fullname" . }}-data initContainers: - name: {{ include "common.name" . }}-prepare - image: "{{ include "common.repository" . }}/{{ .Values.imageInit }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}} command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"] volumeMounts: diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 4ccb0e5c6e..6b1676fba7 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -38,24 +38,12 @@ global: backup: mountPath: /dockerdata-nfs/backup - repository: nexus3.onap.org:10001 - - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - busyboxImage: busybox:1.30 - busyboxRepository: docker.io - # kubeclt image - kubectlImage: "bitnami/kubectl:1.15" - ################################################################# # Application configuration defaults. ################################################################# #repository: mysql -repository: nexus3.onap.org:10001 image: adfinissygroup/k8s-mariadb-galera-centos:v002 -backupImage: library/mariadb:10.1.38 -imageInit: busybox pullPolicy: IfNotPresent # application configuration @@ -132,10 +120,10 @@ ingress: ## Configure MariaDB-Galera with a custom my.cnf file ## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file ## -externalConfig: "" -# externalConfig: |- - # [mysqld] - # innodb_buffer_pool_size=2G +#externalConfig: "" +externalConfig: |- + [mysqld] + lower_case_table_names = 1 #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -151,11 +139,11 @@ externalConfig: "" resources: small: limits: - cpu: 2 - memory: 4Gi + cpu: 500m + memory: 1.5Gi requests: - cpu: 1 - memory: 2Gi + cpu: 100m + memory: 750Mi large: limits: cpu: 2 diff --git a/kubernetes/common/mariadb-init/requirements.yaml b/kubernetes/common/mariadb-init/requirements.yaml index 4fbecbfab2..2509f7fcff 100644 --- a/kubernetes/common/mariadb-init/requirements.yaml +++ b/kubernetes/common/mariadb-init/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 - repository: 'file://../common'
\ No newline at end of file + repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator'
\ No newline at end of file diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index 40254d469b..fa4b007a5a 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # make sure the script fails if any of commands failed set -e diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index af9a4f5f02..5563fe714d 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,15 @@ {{- define "mariadbInit.mariadbClusterSecret" -}} {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}} {{- end -}} + +{{- define "mariadbInit._updateSecrets" -}} + {{- if not .Values.secretsUpdated }} + {{- $global := . }} + {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }} + {{- $newList := append $global.Values.secrets $item }} + {{- $_ := set $global.Values "secrets" $newList }} + {{- end -}} + {{ $_ := set $global.Values "secretsUpdated" true }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 0144ec1907..6708efdb60 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -25,3 +27,19 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +{{ if .Values.dbScript }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dbscript + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + db_cmd.sh: | + {{ tpl .Values.dbScript . | indent 4 }} +{{- end }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 5202d572a2..ad97cd4ed6 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +{{ include "mariadbInit._updateSecrets" . -}} apiVersion: batch/v1 kind: Job @@ -35,42 +39,45 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} + - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - bash - - /db_init/db_init.sh + - /bin/sh + - -c + - | + /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} && + /db_config/db_cmd.sh{{ end }} env: - name: DB_HOST - value: "{{ .Values.global.mariadbGalera.nameOverride }}" + value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}" - name: DB_PORT - value: "{{ .Values.global.mariadbGalera.servicePort }}" + value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} {{- $root := . }} {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }} - name: {{ printf "MYSQL_USER_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - mountPath: /etc/localtime @@ -78,7 +85,10 @@ spec: readOnly: true - name: mariadb-conf mountPath: /db_init/ - readOnly: true +{{- if or .Values.dbScriptConfigMap .Values.dbScript }} + - name: mariadb-init + mountPath: /db_config/ +{{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -90,12 +100,23 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: - - name: mariadb-conf - configMap: - name: {{ include "mariadbInit.configMap" . }} - name: localtime hostPath: path: /etc/localtime +{{- if or .Values.dbScriptConfigMap .Values.dbScript }} + - name: mariadb-init + configMap: +{{- if .Values.dbScriptConfigMap }} + name: {{ tpl .Values.dbScriptConfigMap . }} +{{- else -}} + name: {{ include "common.fullname" . }}-dbscript +{{- end }} + defaultMode: 0755 +{{- end }} + - name: mariadb-conf + configMap: + name: {{ include "mariadbInit.configMap" . }} + defaultMode: 0755 restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index 71a89d019b..a9d9e0b704 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,27 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{- define "mariadb-init._update-secrets" -}} - {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} -{{ printf "- uid: %s" $db }} -{{ printf " type: basicAuth" }} - {{- if $dbInfos.externalSecret }} -{{ printf " externalSecret: %s" $dbInfos.externalSecret }} - {{- end }} -{{ printf " login: %s" $dbInfos.user }} -{{ printf " password: %s" $dbInfos.password }} -{{ printf " passwordPolicy: required" }} - {{- end -}} -{{- end -}} +{{ include "mariadbInit._updateSecrets" . -}} -{{ $global := . }} -{{ $secretsString := .Values.secrets | toYaml | indent 2 }} -{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }} -{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }} -{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }} - -{{ $newValues := set $global.Values "secrets" $finalSecrets }} -{{ $tmpGlobal := set $global "Values" $newValues }} - -{{ include "common.secret" $tmpGlobal }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml index 7523ee1c6e..170eaf3c96 100644 --- a/kubernetes/common/mariadb-init/tests/job_test.yaml +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -36,7 +36,7 @@ tests: content: mariadb-galera - equal: path: spec.template.spec.initContainers[0].image - value: oomk8s/readiness-check:2.0.2 + value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 - equal: path: spec.template.spec.initContainers[0].imagePullPolicy value: IfNotPresent diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index f6ce95a65f..b2c0a05e46 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -16,9 +16,6 @@ # Global configuration defaults. ################################################################# global: - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 mariadbGalera: nameOverride: mariadb-galera servicePort: 3306 @@ -33,8 +30,8 @@ global: secrets: - uid: root-password type: password - externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}' - password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' + externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' + password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' - uid: '{{ .Values.config.mysqlDatabase }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' @@ -46,12 +43,27 @@ secrets: # Application configuration defaults. ################################################################# -image: mariadb:10.1.38 pullPolicy: IfNotPresent +# These two values are used to supply commands that are run after the DB is created. +# Components using the shared DB can either pass a string which has a set of commands +# or a config map that contains a shell script. If both are specified only the config +# map will be executed. For reference, please see the VID components for config map +dbScript: "" +dbScriptConfigMap: "" + # Set it if you want to change the name of the different components # nameOverride: +mariadbGalera: {} +# serviceName: some-name +# containerName: some-name +# servicePort: 3306 +# userRootPassword: some-password +# userRootSecret: some-secret-name +# userRootSecretKey: password + + config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml index 6ba617e990..09c09d698b 100644 --- a/kubernetes/common/mongo/requirements.yaml +++ b/kubernetes/common/mongo/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 111bc80586..73186b392d 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -36,10 +36,15 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: +{{ include "common.podSecurityContext" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - docker-entrypoint.sh + args: + - --nounixsocket env: - name: MONGO_INITDB_DATABASE value: "{{ .Values.config.dbName }}" @@ -66,8 +71,8 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/mongo - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} +{{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index 3c04b429cd..ee1d8c72fa 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -18,15 +18,12 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ################################################################# # Application configuration defaults. ################################################################# -dockerHubRepository: registry.hub.docker.com image: library/mongo:4.0.8 pullPolicy: Always @@ -84,10 +81,13 @@ service: rpcbindPort: 111 rpcbindUdpPort: 111 +securityContext: + user_id: 999 + group_id: 999 + ingress: enabled: false -resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -98,13 +98,22 @@ resources: {} # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +resources: + small: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 10m + memory: 50Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} sdnctlPrefix: mongo diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml index 46310fb0fb..2c6c3379c2 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml +++ b/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml @@ -34,10 +34,10 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --timeout - "{{ .Values.global.readinessTimeout }}" diff --git a/kubernetes/common/music/charts/music-cassandra-job/values.yaml b/kubernetes/common/music/charts/music-cassandra-job/values.yaml index ac18195939..eee1a3a522 100644 --- a/kubernetes/common/music/charts/music-cassandra-job/values.yaml +++ b/kubernetes/common/music/charts/music-cassandra-job/values.yaml @@ -20,9 +20,8 @@ global: repository: nexus3.onap.org:10001 # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - # Set default to 4 hrs. + readinessImage: onap/oom/readiness:3.0.1 + # Set default to 4 hrs. # On slow environments dealys this long have been seen. readinessTimeout: 240 # logging agent @@ -34,9 +33,9 @@ global: job: host: music-cassandra port: 9042 - busybox: + busybox: image: library/busybox:latest - cassandra: + cassandra: image: onap/music/cassandra_job:3.0.24 timeout: 30 delay: 120 @@ -45,10 +44,10 @@ cql: replicationClass: "SimpleStrategy" replicationFactor: 3 adminUser: - username: nelson24 - password: nelson24 + username: nelson24 + password: nelson24 passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6 - + podManagementPolicy: OrderedReady updateStrategy: type: OnDelete diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index fbdac61a9e..5ae944a568 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -26,17 +26,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Chart.Name }} - topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} selector: @@ -133,5 +122,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/charts/music-cassandra/values.yaml index 460671d839..0402a3207c 100644 --- a/kubernetes/common/music/charts/music-cassandra/values.yaml +++ b/kubernetes/common/music/charts/music-cassandra/values.yaml @@ -21,8 +21,7 @@ global: repository: nexus3.onap.org:10001 # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 # logging agent loggingRepository: docker.elastic.co diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh index 7ab32558b4..37bb84de8b 100755 --- a/kubernetes/common/music/charts/music/resources/config/startup.sh +++ b/kubernetes/common/music/charts/music/resources/config/startup.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # # ============LICENSE_START========================================== # org.onap.music @@ -19,6 +20,7 @@ # # ============LICENSE_END============================================= # ==================================================================== +*/}} echo "Running startup script to get password from certman" PWFILE=/opt/app/aafcertman/.password diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 4023f343df..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml index c3b30b22b7..63b5ab0974 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -23,10 +25,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-cassandra-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-music-cassandra-job-config" @@ -77,7 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 12 }} +{{ include "common.resources" . | indent 12 }} env: - name: SPRING_OPTS value: "{{ .Values.springOpts }}" diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml index 5d5f5bb397..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml index ca774c9b5b..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml index faa5a6223d..bf3ad2279c 100644 --- a/kubernetes/common/music/charts/music/values.yaml +++ b/kubernetes/common/music/charts/music/values.yaml @@ -23,8 +23,7 @@ global: envsubstImage: dibi/envsubst # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 # logging agent loggingRepository: docker.elastic.co diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index fe4cbaee9c..7e89b02e02 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -19,8 +19,7 @@ global: nodePortPrefix: 302 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 87dd622c35..c97c0488ac 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -36,16 +36,14 @@ spec: release: {{ include "common.release" . }} spec: initContainers: -{{- if .Values.global.mariadbGalera.localCluster }} - - command: - - /root/ready.py + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py args: +{{- if .Values.global.mariadbGalera.localCluster }} - --container-name - {{ index .Values "mariadb-galera" "nameOverride" }} {{- else }} - - command: - - /root/job_complete.py - args: - --job-name - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job {{- end }} @@ -55,9 +53,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} command: diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 81c596c6c9..ade8a20df6 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -26,8 +26,7 @@ global: # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 # image pull policy pullPolicy: IfNotPresent @@ -79,7 +78,7 @@ mariadb-init: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-apps-ms-neng:0.7.1 +image: onap/ccsdk-apps-ms-neng:1.0.2 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml index 6f898b6171..19a4513f52 100644 --- a/kubernetes/common/postgres/requirements.yaml +++ b/kubernetes/common/postgres/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 456aa32bc0..6142baa63f 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -30,7 +30,6 @@ metadata: heritage: {{ $dot.Release.Service }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - serviceName: {{ $dot.Values.service.name }} replicas: 1 selector: matchLabels: @@ -74,7 +73,7 @@ spec: subPath: setup.sql - mountPath: /config name: pgconf - image: "{{ $dot.Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} name: {{ include "common.name" $dot }}-update-config @@ -85,14 +84,14 @@ spec: - | chown 26:26 /podroot/; chmod 700 /podroot/; - image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" $dot }}-data mountPath: /podroot/ containers: - name: {{ include "common.name" $dot }} - image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}" + image: {{ include "repositoryGenerator.image.postgres" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} ports: - containerPort: {{ $dot.Values.service.internalPort }} @@ -147,8 +146,7 @@ spec: - mountPath: /backup name: {{ include "common.fullname" $dot }}-backup readOnly: true - resources: -{{ include "common.resources" $dot | indent 12 }} + resources: {{ include "common.resources" $dot | nindent 12 }} {{- if $dot.Values.nodeSelector }} nodeSelector: {{ toYaml $dot.Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 26ba390040..e8bfd1194a 100644 --- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index a5a416329b..f815847f06 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -18,11 +18,6 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # envsusbt - envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -46,12 +41,6 @@ secrets: # Application configuration defaults. ################################################################# -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - -postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.11-4.2.1 pullPolicy: Always # application configuration @@ -126,21 +115,32 @@ service: ingress: enabled: false -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 3cdf13a362..6a1a1eb82a 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -56,10 +56,10 @@ {{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}} {{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}} - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness - image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}" + image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}" imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: {{- range $container := $containers }} - --container-name diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml index 8417407a99..7bd0c3d679 100644 --- a/kubernetes/common/readinessCheck/values.yaml +++ b/kubernetes/common/readinessCheck/values.yaml @@ -13,8 +13,7 @@ # limitations under the License. global: - readinessRepository: oomk8s - readinessImage: readiness-check:2.2.1 + readinessImage: onap/oom/readiness:3.0.1 pullPolicy: Always limits: diff --git a/kubernetes/policy/charts/drools/Chart.yaml b/kubernetes/common/repository-wrapper/Chart.yaml index 3cc791d36b..7f48d16877 100644 --- a/kubernetes/policy/charts/drools/Chart.yaml +++ b/kubernetes/common/repository-wrapper/Chart.yaml @@ -1,5 +1,4 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Drools Policy Engine -name: drools +description: Wrapper chart to allow docker secret to be shared all instances +name: repository-wrapper version: 6.0.0 diff --git a/kubernetes/esr/charts/esr-server/requirements.yaml b/kubernetes/common/repository-wrapper/requirements.yaml index a999e38749..02d40a57d9 100644 --- a/kubernetes/esr/charts/esr-server/requirements.yaml +++ b/kubernetes/common/repository-wrapper/requirements.yaml @@ -15,7 +15,7 @@ dependencies: - name: common version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local'
\ No newline at end of file + repository: 'file://../common' + - name: repositoryGenerator + version: ~6.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/onap/templates/secrets.yaml b/kubernetes/common/repository-wrapper/templates/secrets.yaml index 42a263db97..21b56fadcd 100644 --- a/kubernetes/onap/templates/secrets.yaml +++ b/kubernetes/common/repository-wrapper/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret @@ -23,5 +25,5 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: - .dockercfg: {{ include "common.repository.secret" . }} + .dockercfg: {{ include "repositoryGenerator.secret" . }} type: kubernetes.io/dockercfg diff --git a/kubernetes/policy/resources/config/pe/pap-tweaks.sh b/kubernetes/common/repository-wrapper/values.yaml index 1930b98f77..66f679c830 100644 --- a/kubernetes/policy/resources/config/pe/pap-tweaks.sh +++ b/kubernetes/common/repository-wrapper/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -#! /bin/bash +global: {}
\ No newline at end of file diff --git a/kubernetes/policy/charts/pdp/Chart.yaml b/kubernetes/common/repositoryGenerator/Chart.yaml index 25301ee483..5ff53fa3d4 100644 --- a/kubernetes/policy/charts/pdp/Chart.yaml +++ b/kubernetes/common/repositoryGenerator/Chart.yaml @@ -1,5 +1,4 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy PDP -name: pdp +description: Template used to generate the right repository link +name: repositoryGenerator version: 6.0.0 diff --git a/kubernetes/common/repositoryGenerator/requirements.yaml b/kubernetes/common/repositoryGenerator/requirements.yaml new file mode 100644 index 0000000000..70ab2ecce6 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/requirements.yaml @@ -0,0 +1,14 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl new file mode 100644 index 0000000000..c351db1ba0 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -0,0 +1,177 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- define "repositoryGenerator._repositoryHelper" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{- $repoName := .repoName }} + {{- $overrideName := printf "%s%s" $repoName "Override" }} + {{- if (hasKey $dot.Values $overrideName) -}} + {{- printf "%s" (first (pluck $overrideName $dot.Values)) -}} + {{- else -}} + {{- first (pluck $repoName $dot.Values.global $initRoot.global) -}} + {{- end }} +{{- end -}} + +{{/* + Resolve the name of the common image repository. + + - .Values.global.repository : default image repository for all ONAP images + - .Values.repositoryOverride : override global repository on a per chart basis +*/}} +{{- define "repositoryGenerator.repository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "repository") .) }} +{{- end -}} + +{{/* + Resolve the name of the dockerHub image repository. + + - .Values.global.dockerHubRepository : default image dockerHubRepository for all dockerHub images + - .Values.dockerHubRepositoryOverride : override global dockerHub repository on a per chart basis +*/}} +{{- define "repositoryGenerator.dockerHubRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "dockerHubRepository") .) }} +{{- end -}} + +{{/* + Resolve the name of the elasticRepository image repository. + + - .Values.global.elasticRepository : default image elasticRepository for all images using elastic repository + - .Values.elasticRepositoryOverride : override global elasticRepository repository on a per chart basis +*/}} +{{- define "repositoryGenerator.elasticRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }} +{{- end -}} + +{{/* + Resolve the name of the googleK8sRepository image repository. + + - .Values.global.googleK8sRepository : default image dockerHubRepository for all dockerHub images + - .Values.googleK8sRepositoryOverride : override global dockerHub repository on a per chart basis +*/}} +{{- define "repositoryGenerator.googleK8sRepository" -}} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image._helper" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{- $image := .image }} + {{- $repoName := first (pluck $image $initRoot.imageRepoMapping) }} + {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" $repoName ) .) }}/{{- first (pluck $image $dot.Values.global $initRoot.global) -}} +{{- end -}} + +{{- define "repositoryGenerator.image.busybox" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "busyboxImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.curl" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.envsubst" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.htpasswd" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.kubectl" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "kubectlImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.logging" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "loggingImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.mariadb" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mariadbImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.nginx" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.postgres" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }} +{{- end -}} + +{{- define "repositoryGenerator.image.readiness" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }} +{{- end -}} + +{{/* + Resolve the image repository secret token. + The value for .Values.global.repositoryCred is used if provided: + repositoryCred: + user: user + password: password + mail: email (optional) + You can also set the same things for dockerHub, elastic and googleK8s if + needed. +*/}} +{{- define "repositoryGenerator.secret" -}} + {{- $dot := default . .dot -}} + {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}} + {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} + {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} + {{- $repoCreds := "" }} + {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $repo := $subchartDot.Values.global.repository }} + {{- $cred := $subchartDot.Values.global.repositoryCred }} + {{- $mail := default "@" $cred.mail }} + {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} + {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- end }} + {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }} + {{- $dhCred := $subchartDot.Values.global.dockerHubRepositoryCred }} + {{- $dhMail := default "@" $dhCred.mail }} + {{- $dhAuth := printf "%s:%s" $dhCred.user $dhCred.password | b64enc }} + {{- $dhRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $dhRepo $dhCred.user $dhCred.password $dhMail $dhAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $dhRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $dhRepoCreds }} + {{- end }} + {{- end }} + {{- if $subchartDot.Values.global.elasticRepositoryCred }} + {{- $eRepo := $subchartDot.Values.global.elasticRepository }} + {{- $eCred := $subchartDot.Values.global.elasticRepositoryCred }} + {{- $eMail := default "@" $eCred.mail }} + {{- $eAuth := printf "%s:%s" $eCred.user $eCred.password | b64enc }} + {{- $eRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $eRepo $eCred.user $eCred.password $eMail $eAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $eRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $eRepoCreds }} + {{- end }} + {{- end }} + {{- if $subchartDot.Values.global.googleK8sRepositoryCred }} + {{- $gcrRepo := $subchartDot.Values.global.googleK8sRepository }} + {{- $gcrCred := $subchartDot.Values.global.googleK8sRepositoryCred }} + {{- $gcrMail := default "@" $gcrCred.mail }} + {{- $gcrAuth := printf "%s:%s" $gcrCred.user $gcrCred.password | b64enc }} + {{- $gcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $gcrRepo $gcrCred.user $gcrCred.password $gcrMail $gcrAuth }} + {{- if eq "" $repoCreds }} + {{- $repoCreds = $gcrRepoCreds }} + {{- else }} + {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }} + {{- end }} + {{- end }} + {{- printf "{%s}" $repoCreds | b64enc -}} +{{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml new file mode 100644 index 0000000000..1ec3a35bd9 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -0,0 +1,62 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + # Repositories used + repository: nexus3.onap.org:10001 + dockerHubRepository: docker.io + elasticRepository: docker.elastic.co + googleK8sRepository: k8s.gcr.io + + # common global images + busyboxImage: busybox:1.32 + curlImage: curlimages/curl:7.69.1 + envsubstImage: dibi/envsubst:1 + # there's only latest image for htpasswd + htpasswdImage: xmartlabs/htpasswd:latest + kubectlImage: bitnami/kubectl:1.19 + loggingImage: beats/filebeat:5.5.0 + mariadbImage: mariadb:10.1.48 + nginxImage: bitnami/nginx:1.18-debian-10 + postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1 + readinessImage: onap/oom/readiness:3.0.1 + + # Default credentials + # they're optional. If the target repository doesn't need them, comment them + repositoryCred: + user: docker + password: docker + # If you want / need authentication on the repositories, please set + # Don't set them if the target repo is the same than others + # dockerHubCred: + # user: myuser + # password: mypassord + # elasticCred: + # user: myuser + # password: mypassord + # googleK8sCred: + # user: myuser + # password: mypassord + +imageRepoMapping: + busyboxImage: dockerHubRepository + curlImage: dockerHubRepository + envsubstImage: dockerHubRepository + htpasswdImage: dockerHubRepository + kubectlImage: dockerHubRepository + loggingImage: elasticRepository + mariadbImage: dockerHubRepository + nginxImage: dockerHubRepository + postgresImage: dockerHubRepository + readinessImage: repository diff --git a/kubernetes/consul/charts/consul-server/templates/service.yaml b/kubernetes/consul/charts/consul-server/templates/service.yaml index f7c217d880..c24ddfb7e4 100644 --- a/kubernetes/consul/charts/consul-server/templates/service.yaml +++ b/kubernetes/consul/charts/consul-server/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml index 5bdbe0f232..16fda3a510 100644 --- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -39,7 +41,10 @@ spec: - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} command: ["/usr/local/bin/docker-entrypoint.sh"] args: - "agent" @@ -68,3 +73,4 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml index e9c96d1bc6..48a26effd7 100644 --- a/kubernetes/consul/charts/consul-server/values.yaml +++ b/kubernetes/consul/charts/consul-server/values.yaml @@ -17,17 +17,13 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + repository: nexus3.onap.org:10001 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: docker.io -image: consul:1.0.6 +image: onap/oom/consul:2.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -64,4 +60,35 @@ service: ingress: enabled: false -resources: {} +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 30m + memory: 25Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} + +securityContext: + fsGroup: 1000 + runAsUser: 100 + runAsGroup: 1000 diff --git a/kubernetes/consul/requirements.yaml b/kubernetes/consul/requirements.yaml index d3c442d32e..0b77abe706 100644 --- a/kubernetes/consul/requirements.yaml +++ b/kubernetes/consul/requirements.yaml @@ -20,3 +20,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties b/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties index 4c7fe41118..aae18b1e98 100644 --- a/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties +++ b/kubernetes/consul/resources/config/consul-agent-config/model-loader.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}} # Model Loader Distribution Client Configuration
ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh index 8d57163e67..20e53b65ae 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/aai-search-storage-write-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} if curl -s -X PUT http://aai-elasticsearch:9200/searchhealth/stats/testwrite -d @/consul/scripts/aai-search-storage-write-doc.txt | grep '\"created\":true'; then if curl -s -X DELETE http://aai-elasticsearch:9200/searchhealth/stats/testwrite | grep '\"failed\":0'; then diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh index b756936201..1dccb3e16c 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/appc-dbhost-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} APPC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "appc-dbhost-[^[:space:]]*") if [ -n "$APPC_DBHOST_POD" ]; then diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh index 6f85c8a5a8..9ca6cf135c 100644 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/clamp-mariadb-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-clampdb[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh index 8fb35f4b82..cd154dabbd 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/data-router-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-data-router[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh index 80fca0d52f..99feaa2f2f 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/model-loader-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-model-loader[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh index 7cf52833b9..818503e9b6 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-kafka-health.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} kafkapod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-kafka-[^[:space:]]*") if [ -n "$kafkapod" ]; then diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh index 8809d9223a..185300cb8a 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/mr-zookeeper-health.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} zkpod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-zookeeper-[^[:space:]]*") if [ -n "$zkpod" ]; then diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh index fd4cbc9365..12157b5dee 100644 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/policy-mariadb-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-policydb[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh index 33cd496bb9..8c5b8b99e9 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-be-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh index a3886f21e9..c17b8fb4bb 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-cs-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh index 2ee6fcf3c3..57035b837f 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-fe-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh index f782ba1dc5..f6e1eee98d 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdc-titan-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh index eb8127fe11..ed7aefc0cf 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-cluster-health.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # Copyright © 2018 Amdocs # Modifications Copyright © 2018 AT&T @@ -14,6 +15,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # query ODL cluster state USERNAME="{{.Values.odl.jolokia.username}}" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh index 79f22bf015..3ec7b5b64e 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sdnc-dbhost-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} SDNC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "sdnc-dbhost-[^[:space:]]*") if [ -n "$SDNC_DBHOST_POD" ]; then diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh index 4416fb907c..68ab27dbc9 100644 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/search-data-service-availability.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} SEARCH_SERVICE_NAME="search-data-service.{{ include "common.namespace" . }}" SEARCH_SERVICE_PORT=9509 diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh index 09d2c81b32..04c240bd6a 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-api-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://so:8080/ecomp/mso/infra/healthcheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh index e1d0ff5b83..545291b4fe 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-camunda-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://so:8080/mso/healthcheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh index 71a662ef31..765bdc9e49 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-jra-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ## Query the health check API. HEALTH_CHECK_ENDPOINT="http://so:8080/networks/rest/healthcheck" diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh index a167f4c6b8..25e9a891ca 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/so-mariadb-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-so-db[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh index d663b908ad..8f9349e275 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/sparky-be-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-sparky-be[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh b/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh index 7e81420acb..6afbfee641 100755 --- a/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh +++ b/kubernetes/consul/resources/config/consul-agent-config/scripts/vid-mariadb-script.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-vid-mariadb[^[:space:]]*") diff --git a/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json b/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json deleted file mode 100644 index d03ce90820..0000000000 --- a/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "service": { - "name": "Health Check: SDNC Portal", - "checks": [ - { - "id": "sdnc-portal", - "name": "SDNC Portal Health Check", - "http": "http://sdnc-portal:8843/login", - "method": "HEAD", - "header": { - "Cache-Control": ["no-cache"], - "Content-Type": ["application/json"], - "Accept": ["application/json"] - }, - "tls_skip_verify": true, - "interval": "15s", - "timeout": "1s" - } - ] - } -} diff --git a/kubernetes/consul/templates/configmap.yaml b/kubernetes/consul/templates/configmap.yaml index 0445ad0401..42c8cba6b4 100644 --- a/kubernetes/consul/templates/configmap.yaml +++ b/kubernetes/consul/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml index a7774e9878..31546abd49 100644 --- a/kubernetes/consul/templates/deployment.yaml +++ b/kubernetes/consul/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,15 +39,36 @@ spec: spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + initContainers: + - name: {{ include "common.name" . }}-chown + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} command: - - /bin/sh - - "-c" + - sh + args: + - -c - | - apk update && apk add jq - cp /tmp/consul/config/* /consul/config - /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }} + cp -r -L /tmp/consul/config/* /consul/config/ + chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config + ls -la /consul/config + volumeMounts: + - mountPath: /tmp/consul/config + name: consul-agent-config + - mountPath: /consul/config + name: consul-agent-config-dir + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + command: + - docker-entrypoint.sh + args: + - agent + - -client + - 0.0.0.0 + - -enable-script-checks + - -retry-join + - {{ .Values.consulServer.nameOverride }} name: {{ include "common.name" . }} env: - name: SDNC_ODL_COUNT @@ -53,13 +76,16 @@ spec: - name: SDNC_IS_PRIMARY_CLUSTER value: "{{ .Values.sdnc.config.isPrimaryCluster }}" volumeMounts: - - mountPath: /tmp/consul/config - name: consul-agent-config + - mountPath: /consul/config + name: consul-agent-config-dir - mountPath: /consul/scripts name: consul-agent-scripts-config - mountPath: /consul/certs name: consul-agent-certs-config + resources: {{ include "common.resources" . | nindent 10 }} volumes: + - name: consul-agent-config-dir + emptyDir: {} - configMap: name: {{ include "common.fullname" . }}-configmap name: consul-agent-config diff --git a/kubernetes/consul/templates/secrets.yaml b/kubernetes/consul/templates/secrets.yaml index ffcc05f565..27cfbf00d0 100644 --- a/kubernetes/consul/templates/secrets.yaml +++ b/kubernetes/consul/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index 34272c6b96..639e4eb7af 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -17,23 +17,23 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest ################################################################# # Application configuration defaults. ################################################################# # application image -repository: docker.io -image: oomk8s/consul:1.0.0 +image: onap/oom/consul:2.1.0 pullPolicy: Always #subchart name consulServer: nameOverride: consul-server +consulUID: 100 +consulGID: 1000 + # flag to enable debugging - application support required debugEnabled: false @@ -66,8 +66,34 @@ ingress: port: 8800 config: ssl: "none" - -resources: {} + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 1500Mi + requests: + cpu: 650m + memory: 530Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} odl: jolokia: @@ -78,3 +104,8 @@ sdnc: config: isPrimaryCluster: true replicaCount: 1 + +securityContext: + fsGroup: 1000 + runAsUser: 100 + runAsGroup: 1000 diff --git a/kubernetes/contrib/.helmignore b/kubernetes/contrib/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/contrib/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile index eb9f025fc8..32386fc89a 100644 --- a/kubernetes/contrib/Makefile +++ b/kubernetes/contrib/Makefile @@ -11,20 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core make-contrib-awx: - cd components && helm dep up awx && helm lint awx + cd components && $(HELM_BIN) dep up awx && $(HELM_BIN) lint awx make-contrib-ejbca: - cd components && helm dep up ejbca && helm lint ejbca + cd components && $(HELM_BIN) dep up ejbca && $(HELM_BIN) lint ejbca make-contrib-netbox: - cd components && helm dep up netbox && helm lint netbox + cd components && $(HELM_BIN) dep up netbox && $(HELM_BIN) lint netbox make-contrib-core: - helm dep up . && helm lint . + $(HELM_BIN) dep up . && $(HELM_BIN) lint . clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/contrib/components/awx/Makefile b/kubernetes/contrib/components/awx/Makefile index d8a50339d6..cb88b57fc9 100644 --- a/kubernetes/contrib/components/awx/Makefile +++ b/kubernetes/contrib/components/awx/Makefile @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-awx: - cd charts && helm dep up awx-postgres + cd charts && $(HELM_BIN) dep up awx-postgres diff --git a/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py index 39350e05d0..85808d10d4 100644 --- a/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py +++ b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} DATABASES = { 'default': { diff --git a/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh index 7c58c6bb48..b9d01d079c 100644 --- a/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh +++ b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} DATABASE_USER={{ .Values.config.postgresUser }} DATABASE_NAME={{ .Values.config.postgresDB }} diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml index 4be13fbf88..74c02bcd5f 100644 --- a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml +++ b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml @@ -40,7 +40,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - awx-postgres @@ -122,4 +122,4 @@ spec: name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml index 988ac174ae..6023bb4fdb 100644 --- a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml +++ b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml @@ -47,7 +47,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.name" . }}-mgnt @@ -210,4 +210,4 @@ spec: name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index 6c6a90e0de..1ed35c2c23 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -16,10 +16,10 @@ # Global configuration defaults. ################################################################# global: + readinessRepository: nexus3.onap.org:10001 nodePortPrefixExt: 304 commonConfigPrefix: awx - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml new file mode 100644 index 0000000000..e163aed82a --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml @@ -0,0 +1,595 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>46.0</float> + </void> + <void method="put"> + <string>type</string> + <int>1</int> + </void> + <void method="put"> + <string>certversion</string> + <string>X509v3</string> + </void> + <void method="put"> + <string>encodedvalidity</string> + <string>2y</string> + </void> + <void method="put"> + <string>usecertificatevalidityoffset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatevalidityoffset</string> + <string>-10m</string> + </void> + <void method="put"> + <string>useexpirationrestrictionforweekdays</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>expirationrestrictionforweekdaysbefore</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>expirationrestrictionweekdays</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowvalidityoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowextensionoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverridebyeei</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowbackdatedrevokation</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatestorage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storecertificatedata</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storesubjectaltname</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usebasicconstrants</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>basicconstraintscritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usesubjectkeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectkeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthoritykeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>authoritykeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectalternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectalternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useissueralternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>issueralternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultcrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointuri</string> + <string></string> + </void> + <void method="put"> + <string>usefreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecadefinedfreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>freshestcrluri</string> + <string></string> + </void> + <void method="put"> + <string>crlissuer</string> + <string></string> + </void> + <void method="put"> + <string>usecertificatepolicies</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepoliciescritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepolicies</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablekeyalgorithms</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>DSA</string> + </void> + <void method="add"> + <string>ECDSA</string> + </void> + <void method="add"> + <string>RSA</string> + </void> + </object> + </void> + <void method="put"> + <string>availableeccurves</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>ANY_EC_CURVE</string> + </void> + </object> + </void> + <void method="put"> + <string>availablebitlengths</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>192</int> + </void> + <void method="add"> + <int>224</int> + </void> + <void method="add"> + <int>239</int> + </void> + <void method="add"> + <int>256</int> + </void> + <void method="add"> + <int>384</int> + </void> + <void method="add"> + <int>512</int> + </void> + <void method="add"> + <int>521</int> + </void> + <void method="add"> + <int>1024</int> + </void> + <void method="add"> + <int>1536</int> + </void> + <void method="add"> + <int>2048</int> + </void> + <void method="add"> + <int>3072</int> + </void> + <void method="add"> + <int>4096</int> + </void> + <void method="add"> + <int>6144</int> + </void> + <void method="add"> + <int>8192</int> + </void> + </object> + </void> + <void method="put"> + <string>minimumavailablebitlength</string> + <int>0</int> + </void> + <void method="put"> + <string>maximumavailablebitlength</string> + <int>8192</int> + </void> + <void method="put"> + <string>signaturealgorithm</string> + <null/> + </void> + <void method="put"> + <string>usekeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>keyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowkeyusageoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>keyusagecritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>useextendedkeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>extendedkeyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>1.3.6.1.5.5.7.3.2</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.4</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.1</string> + </void> + </object> + </void> + <void method="put"> + <string>extendedkeyusagecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedocumenttypelist</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelistcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelist</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablecas</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>usedpublishers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>useocspnocheck</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useldapdnorder</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usecustomdnorder</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usemicrosofttemplate</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>microsofttemplate</string> + <string></string> + </void> + <void method="put"> + <string>usecardnumber</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecnpostfix</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>cnpostfix</string> + <string></string> + </void> + <void method="put"> + <string>usesubjectdnsubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectdnsubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usesubjectaltnamesubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectaltnamesubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usepathlengthconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>pathlengthconstraint</string> + <int>0</int> + </void> + <void method="put"> + <string>useqcstatement</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usepkixqcsyntaxv2</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementraname</string> + <string></string> + </void> + <void method="put"> + <string>useqcsematicsid</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiqccompliance</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsisignaturedevice</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsivaluelimit</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsivaluelimit</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitexp</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitcurrency</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiretentionperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsiretentionperiod</string> + <int>0</int> + </void> + <void method="put"> + <string>useqccustomstring</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qccustomstringoid</string> + <string></string> + </void> + <void method="put"> + <string>qccustomstringtext</string> + <string></string> + </void> + <void method="put"> + <string>qcetsipds</string> + <null/> + </void> + <void method="put"> + <string>qcetsitype</string> + <null/> + </void> + <void method="put"> + <string>usecertificatetransparencyincerts</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinocsp</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinpublisher</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectdirattributes</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usenameconstraints</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthorityinformationaccess</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>caissuers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usedefaultcaissuer</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultocspservicelocator</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>ocspservicelocatoruri</string> + <string></string> + </void> + <void method="put"> + <string>cvcaccessrights</string> + <int>3</int> + </void> + <void method="put"> + <string>usedcertificateextensions</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>approvals</string> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>REVOCATION</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>KEYRECOVER</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>ADDEDITENDENTITY</string> + </object> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotbefore</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotafter</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>privkeyusageperiodstartoffset</string> + <long>0</long> + </void> + <void method="put"> + <string>privkeyusageperiodlength</string> + <long>63072000</long> + </void> + <void method="put"> + <string>usesingleactivecertificateconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>overridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>nonoverridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>allowcertsnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecustomdnorderldap</string> + <boolean>false</boolean> + </void> + </object> +</java> diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index f1bd07e158..ad10240b94 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -12,6 +12,12 @@ configureEjbca() { ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK} ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth) + ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles + #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml) + ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER + #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml) + ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 ejbca.sh config cmp dumpalias --alias cmpRA ejbca.sh config cmp addalias --alias cmp ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml new file mode 100644 index 0000000000..19d872fe12 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml @@ -0,0 +1,936 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>14.0</float> + </void> + <void method="put"> + <string>NUMBERARRAY</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>3</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>1</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>0</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDNFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>500</int> + </void> + <void method="add"> + <int>1100</int> + </void> + <void method="add"> + <int>1200</int> + </void> + <void method="add"> + <int>1300</int> + </void> + <void method="add"> + <int>1400</int> + </void> + <void method="add"> + <int>1600</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTALTNAMEFIELDORDER</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>1800</int> + </void> + <void method="add"> + <int>1801</int> + </void> + <void method="add"> + <int>1802</int> + </void> + </object> + </void> + <void method="put"> + <string>SUBJECTDIRATTRFIELDORDER</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <int>0</int> + <string></string> + </void> + <void method="put"> + <int>20000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30000</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>1</int> + <string></string> + </void> + <void method="put"> + <int>20001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30001</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>95</int> + <string></string> + </void> + <void method="put"> + <int>20095</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30095</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>96</int> + <string></string> + </void> + <void method="put"> + <int>20096</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30096</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>5</int> + <string></string> + </void> + <void method="put"> + <int>20005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30005</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>26</int> + <string></string> + </void> + <void method="put"> + <int>20026</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30026</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>29</int> + <string>1834889499</string> + </void> + <void method="put"> + <int>20029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30029</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30</int> + <string>1834889499</string> + </void> + <void method="put"> + <int>20030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30030</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>31</int> + <string>1</string> + </void> + <void method="put"> + <int>20031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30031</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>32</int> + <string>1;2;3;4</string> + </void> + <void method="put"> + <int>20032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30032</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>33</int> + <string></string> + </void> + <void method="put"> + <int>20033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30033</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>34</int> + <string></string> + </void> + <void method="put"> + <int>20034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10034</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30034</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>38</int> + <string>1</string> + </void> + <void method="put"> + <int>20038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30038</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>37</int> + <string>-1501801709</string> + </void> + <void method="put"> + <int>20037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30037</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>98</int> + <string></string> + </void> + <void method="put"> + <int>20098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10098</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30098</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>99</int> + <string></string> + </void> + <void method="put"> + <int>20099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10099</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30099</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>97</int> + <string></string> + </void> + <void method="put"> + <int>20097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10097</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30097</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>91</int> + <string>false</string> + </void> + <void method="put"> + <int>20091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10091</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30091</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>94</int> + <string>-1</string> + </void> + <void method="put"> + <int>20094</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30094</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>93</int> + <string>-1</string> + </void> + <void method="put"> + <int>20093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30093</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>89</int> + <string></string> + </void> + <void method="put"> + <int>20089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10089</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30089</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>88</int> + <string></string> + </void> + <void method="put"> + <int>20088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10088</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>30088</int> + <boolean>true</boolean> + </void> + <void method="put"> + <string>ALLOW_MERGEDN_WEBSERVICES</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>2</int> + <string></string> + </void> + <void method="put"> + <int>20002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10002</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10090</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>90</int> + <string>0</string> + </void> + <void method="put"> + <string>REVERSEFFIELDCHECKS</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>28</int> + <string>false</string> + </void> + <void method="put"> + <int>20028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10028</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>REUSECERTIFICATE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <int>35</int> + <string>false</string> + </void> + <void method="put"> + <int>20035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10035</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10092</int> + <boolean>false</boolean> + </void> + <void method="put"> + <string>USEEXTENSIONDATA</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGUSE</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGDEFAULT</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGREQUIRED</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>PRINTINGCOPIES</string> + <int>1</int> + </void> + <void method="put"> + <string>PRINTINGPRINTERNAME</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGDATA</string> + <string></string> + </void> + <void method="put"> + <string>PRINTINGSVGFILENAME</string> + <string></string> + </void> + <void method="put"> + <int>11</int> + <string></string> + </void> + <void method="put"> + <int>20011</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30011</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>12</int> + <string></string> + </void> + <void method="put"> + <int>20012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30012</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>13</int> + <string></string> + </void> + <void method="put"> + <int>20013</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30013</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>14</int> + <string></string> + </void> + <void method="put"> + <int>20014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30014</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>16</int> + <string></string> + </void> + <void method="put"> + <int>20016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>10016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30016</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>18</int> + <string></string> + </void> + <void method="put"> + <int>20018</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30018</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>118</int> + <string></string> + </void> + <void method="put"> + <int>20118</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30118</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>218</int> + <string></string> + </void> + <void method="put"> + <int>20218</int> + <boolean>false</boolean> + </void> + <void method="put"> + <int>10218</int> + <boolean>true</boolean> + </void> + <void method="put"> + <int>30218</int> + <boolean>true</boolean> + </void> + </object> +</java> diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml index d336bc9a94..093657dfe0 100644 --- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml +++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -18,3 +20,11 @@ metadata: name: "{{ include "common.fullname" . }}-config-script" data: {{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "common.fullname" . }}-profiles" +data: +{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index c6981e5fc4..55de54febf 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -24,7 +26,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-db-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name {{- if .Values.global.mariadbGalera.localCluster }} @@ -38,7 +40,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }}-ejbca @@ -51,6 +53,8 @@ spec: volumeMounts: - name: "{{ include "common.fullname" . }}-volume" mountPath: /opt/primekey/scripts/ + - name: "{{ include "common.fullname" . }}-profiles-volume" + mountPath: /opt/primekey/custom_profiles/ ports: {{ include "common.containerPorts" . | nindent 10 }} env: - name: INITIAL_ADMIN @@ -85,8 +89,13 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + resources: {{ include "common.resources" . | nindent 10 }} volumes: - configMap: name: "{{ include "common.fullname" . }}-config-script" defaultMode: 0755 name: "{{ include "common.fullname" . }}-volume" + - configMap: + name: "{{ include "common.fullname" . }}-profiles" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-profiles-volume" diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml index ecb51ae4d3..837da0959b 100644 --- a/kubernetes/contrib/components/ejbca/templates/secret.yaml +++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml index 01680ee78e..46eed4264c 100644 --- a/kubernetes/contrib/components/ejbca/templates/service.yaml +++ b/kubernetes/contrib/components/ejbca/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 82bc03c597..35160e4b13 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -12,9 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. global: - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.1 - mariadbGalera: &mariadbGalera + readinessImage: onap/oom/readiness:3.0.1 + mariadbGalera: &mariadbGalera #This flag allows EJBCA to instantiate its own mariadb-galera cluster localCluster: false service: mariadb-galera @@ -38,6 +37,7 @@ secrets: password: '{{ .Values.config.ejbca.clientIak }}' # application configuration +repository: nexus3.onap.org:10001 config: db: userName: ejbca @@ -104,3 +104,23 @@ service: port: 8443 plain_port: 8080 port_protocol: http + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1500m + memory: 1536Mi + requests: + cpu: 10m + memory: 750Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 20m + memory: 1Gi + unlimited: {} diff --git a/kubernetes/contrib/components/netbox/Makefile b/kubernetes/contrib/components/netbox/Makefile index 3194d40020..da18203981 100644 --- a/kubernetes/contrib/components/netbox/Makefile +++ b/kubernetes/contrib/components/netbox/Makefile @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-netbox: - cd charts && helm dep up netbox-postgres && helm dep up netbox-nginx && helm dep up netbox-app + cd charts && $(HELM_BIN) dep up netbox-postgres && $(HELM_BIN) dep up netbox-nginx && $(HELM_BIN) dep up netbox-app diff --git a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml index 7586a6c95e..ed6518ed1a 100644 --- a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -36,7 +38,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - netbox-app diff --git a/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml index ed761374fa..c01612e0f4 100755 --- a/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-nginx/templates/service.yaml @@ -31,7 +31,7 @@ spec: - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} {{- else -}} - - port: {{ .Values.service.externalPort }} + - port: {{ .Values.service.internalPort }} targetPort: {{ .Values.service.internalPort }} {{- end}} selector: diff --git a/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml index f67ff06410..e94e50bc4f 100755 --- a/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-nginx/values.yaml @@ -75,7 +75,7 @@ persistence: staticPvName: netbox-static service: - type: NodePort + type: ClusterIP name: netbox-nginx portName: netbox-nginx internalPort: 8080 diff --git a/kubernetes/contrib/components/netbox/values.yaml b/kubernetes/contrib/components/netbox/values.yaml index 2dfb36b1e5..5dc4535ca3 100755 --- a/kubernetes/contrib/components/netbox/values.yaml +++ b/kubernetes/contrib/components/netbox/values.yaml @@ -16,10 +16,10 @@ # Global configuration defaults. ################################################################# global: + readinessRepository: nexus3.onap.org:10001 nodePortPrefixExt: 304 commonConfigPrefix: netbox - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh new file mode 100755 index 0000000000..ce51b30b58 --- /dev/null +++ b/kubernetes/contrib/tools/check-for-staging-images.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +BASE_URL="https://nexus3.onap.org/repository/docker.release" + +if [ "$GERRIT_BRANCH" == "staging" ]; then + exit 0 +fi + +USED_IMAGES=$(grep -r -E -o -h ':\s*onap/.*:.*' | sed -e 's/^: //' -e 's/^ //' | sort | uniq) +REPO_IMAGES=$(curl -s $BASE_URL/v2/_catalog | jq -r '.repositories[]') +NOT_AVAILABLE_IMAGES=$(echo "$USED_IMAGES" | grep -vE "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')") +USED_IMAGES=$(echo "$USED_IMAGES" | grep -E "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')") +for i in $USED_IMAGES; do + TMP_IMG=$(echo "$i" | cut -d ":" -f1) + TMP_TAG=$(echo "$i" | cut -d ":" -f2) + if [ "$LAST_IMG" != "$TMP_IMG" ]; then + AVAILABLE_TAGS=$(curl -s $BASE_URL/v2/$TMP_IMG/tags/list | jq -r '.tags[]') + fi + if ! echo "$AVAILABLE_TAGS" | grep "$TMP_TAG" > /dev/null; then + NOT_AVAILABLE_IMAGES="$NOT_AVAILABLE_IMAGES\n$i" + fi + LAST_IMG="$TMP_IMG" + printf "." +done +printf "\n" +if [ -n "$NOT_AVAILABLE_IMAGES" ]; then + echo "[ERROR] Only release images are allowed in helm charts." + echo "[ERROR] Images not found in release repo:" + echo -e "$NOT_AVAILABLE_IMAGES" + exit 1 +fi +exit 0
\ No newline at end of file diff --git a/kubernetes/dcaegen2/.helmignore b/kubernetes/dcaegen2/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/dcaegen2/.helmignore +++ b/kubernetes/dcaegen2/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index f10f2fc682..bf20455a5f 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -11,37 +11,36 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard +HELM_BIN := helm + +make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard make-dcae-bootstrap: - cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap + cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap make-dcae-cloudify-manager: - cd components && helm dep up dcae-cloudify-manager && helm lint dcae-cloudify-manager + cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager make-dcae-config-binding-service: - cd components && helm dep up dcae-config-binding-service && helm lint dcae-config-binding-service + cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service make-dcae-healthcheck: - cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck - -make-dcae-redis: - cd components && helm dep up dcae-redis && helm lint dcae-redis + cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck make-dcae-servicechange-handler: - cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler + cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler make-dcae-inventory-api: - cd components && helm dep up dcae-inventory-api && helm lint dcae-inventory-api + cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api make-dcae-deployment-handler: - cd components && helm dep up dcae-deployment-handler && helm lint dcae-deployment-handler + cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler make-dcae-policy-handler: - cd components && helm dep up dcae-policy-handler && helm lint dcae-policy-handler + cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler make-dcae-dashboard: - cd components && helm dep up dcae-dashboard && helm lint dcae-dashboard + cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index e917e900c7..a31aaf1106 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -31,3 +31,6 @@ dependencies: - name: cmpv2Config version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json index c52a0a8606..44a345455a 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json @@ -3,5 +3,5 @@ "username": "notused", "password": "doesnotmatter", "owner": "dcaecm" - } + } }
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 6de75c96d7..568d6f77c9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. @@ -16,40 +17,44 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} { - "namespace" : "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}", - "consul_dns_name" : "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}", - "default_k8s_location" : "{{ .Values.default_k8s_location }}", - "image_pull_secrets" : ["{{ include "common.namespace" . }}-docker-registry-key"], - "filebeat": - { - "log_path": "/var/log/onap", - "data_path": "/usr/share/filebeat/data", - "config_path": "/usr/share/filebeat/filebeat.yml", - "config_subpath": "filebeat.yml", - "image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}", - "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap" - }, - "tls": - { - "cert_path": "/opt/app/osaaf", - "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}", - "component_cert_dir": "/opt/dcae/cacert", - "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", - "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" - }, - "external_cert": - { - "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}", - "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}", - "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}", - "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}", - "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}", - "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}", - "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", - "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}", - "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}", - "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}" - } -} + "namespace": "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}", + "consul_dns_name": "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}", + "default_k8s_location": "{{ .Values.default_k8s_location }}", + "image_pull_secrets": [ + "{{ include "common.namespace" . }}-docker-registry-key" + ], + "filebeat": { + "log_path": "/var/log/onap", + "data_path": "/usr/share/filebeat/data", + "config_path": "/usr/share/filebeat/filebeat.yml", + "config_subpath": "filebeat.yml", + "image": "{{ include "repositoryGenerator.image.logging" . }}", + "config_map": "{{ include "common.release" . }}-dcae-filebeat-configmap" + }, + "tls": { + "cert_path": "/opt/app/osaaf", + "image": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}", + "component_cert_dir": "/opt/dcae/cacert", + "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", + "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" + }, + "external_cert": { + "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}", + "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}", + "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}", + "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}", + "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}", + "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}", + "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", + "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}", + "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}", + "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", + "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" + }, + "truststore_merger": { + "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" + } +}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml index f330e647b4..8c2c0a217b 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. @@ -15,9 +16,10 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.datafile_collector }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.datafile_collector }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }} {{ end }} host_port: {{ .Values.config.address.datafile_collector.port }} host_port_secure: {{ .Values.config.address.datafile_collector.portSecure }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml index f6a4c7cf85..7aa1b8d03a 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_engine-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. @@ -15,10 +16,11 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} { {{ if .Values.componentImages.holmes_engine }} - "he_image" : '{{ include "common.repository" . }}/{{ .Values.componentImages.holmes_engine }}', + "he_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_engine }}', {{ end }} "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}", "dcae_CL_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.DCAE_CL_OUTPUT", diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml index 7ede89e521..6c311ec47e 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-holmes_rules-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. @@ -15,10 +16,11 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} { {{ if .Values.componentImages.holmes_rules }} - "hr_image" : '{{ include "common.repository" . }}/{{ .Values.componentImages.holmes_rules }}', + "hr_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_rules }}', {{ end }} "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}", diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index a0cbbbdba2..08a3c357ba 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -1,6 +1,8 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,9 +16,15 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.hv_ves }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.hv_ves }} {{ end }} use_tls: true -security_ssl_disable: false
\ No newline at end of file +security_ssl_disable: false +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-hv-ves-collector" +external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml index eb4cf252d4..71c91b4f77 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #================================================================================= # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }} k8s_initial_password: $PG_ROOT_PASSWORD diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml index 1491e731d8..efc8c77366 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-prh-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -14,7 +15,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.prh }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.prh }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.prh }} {{ end }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml index aa2b9a3f18..7c234243b0 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,8 +16,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.snmptrap }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.snmptrap }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.snmptrap }} {{ end }} external_port: {{ .Values.config.address.snmptrap.port }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml deleted file mode 100644 index 9240094fa9..0000000000 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml +++ /dev/null @@ -1,28 +0,0 @@ -#============LICENSE_START======================================================== -#================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -{{ if .Values.componentImages.tca }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }} -{{ end }} -dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }} -consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }} -cbs_host: config-binding-service -enableRedisCaching: {{ .Values.config.redisCaching }} -{{ if .Values.config.redisHosts }} -redisHosts: {{ .Values.config.redisHosts }} -{{ end }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml index 5074cb8a7f..eb7caf1eee 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,9 +15,10 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.tcagen2 }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.tcagen2 }} {{ end }} tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" -tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/" +tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index 5a2a595ca6..e09e37dd31 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2020 Nokia. All rights reserved. @@ -14,15 +15,17 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.ves }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.ves }} {{ end }} external_port: 0 external_port_tls: {{ .Values.config.address.ves.portSecure }} auth_method: "certBasicAuth" -component_name: "dcae-ves-collector" -dns_component_name: "dcae-ves-collector" +service_component_type: "dcae-ves-collector" +service_id: "dcae-ves-collector" +service_component_name_override: "dcae-ves-collector" enable_tls: true ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/" ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/" @@ -30,4 +33,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-ves-collector" +external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml index dda75dd874..349645bb7b 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== #================================================================================= # Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. @@ -16,18 +17,24 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.componentImages.ves }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }} +tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.ves }} {{ end }} external_port_tls: 0 external_port: {{ .Values.config.address.ves.port }} auth_method: "noAuth" -component_name: "dcae-ves-collector-http" -dns_component_name: "dcae-ves-collector-http" +service_component_type: "dcae-http-ves-collector" +service_id: "dcae-http-ves-collector-http" +service_component_name_override: "dcae-http-ves-collector" ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/" ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/" ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/" ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml index 21134ada9f..47db1753e0 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index 5c96138b03..15a2ad1212 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,6 +1,7 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -51,15 +53,15 @@ spec: name: {{ include "common.fullname" . }}-dcae-inputs-input - mountPath: /config name: {{ include "common.fullname" . }}-dcae-inputs - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-cloudify-manager @@ -92,14 +94,14 @@ spec: fieldPath: status.podIP - name: aaf_locator_fqdn value: dcae - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - mountPath: /opt/app/osaaf name: tls-info - name: init-consul - image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --service @@ -109,7 +111,7 @@ spec: resources: {} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -128,10 +130,7 @@ spec: - name: CMADDR value: {{ .Values.config.address.cm.host }} - name: CMPASS - valueFrom: - secretKeyRef: - name: {{ include "common.name" . }}-cmpass - key: password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}} - name: CMPROTO value: {{ .Values.config.address.cm.proto }} - name: CMPORT diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index 44395e48e8..c8fbd04150 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -1,6 +1,7 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,19 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.name" . }}-cmpass - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - password: YWRtaW4= ---- {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 33682e7dbe..668dcc7e18 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,13 +22,8 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - envsubstImage: dibi/envsubst + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 secrets: - uid: pg-root-pass @@ -37,6 +32,10 @@ secrets: externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' config: logstashServiceName: log-ls @@ -70,8 +69,6 @@ config: ves: port: 30235 portSecure: 30417 - # redisCaching is a string not a boolean! - redisCaching: "false" # postgres values--overriding defaults in the postgres subchart postgres: @@ -106,21 +103,19 @@ mongo: disableNfsProvisioner: true # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager # Use to override default setting in blueprints componentImages: - holmes_rules: onap/holmes/rule-management:1.2.7 - holmes_engine: onap/holmes/engine-management:1.2.6 - tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 - tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.1 + holmes_rules: onap/holmes/rule-management:1.2.9 + holmes_engine: onap/holmes/engine-management:1.2.9 + tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml index caff1e5dc4..c2681fb217 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt index 7606ba55ae..e079ec81c0 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/config.txt @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,5 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} [consul] address={{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml index 1a3f693a12..06e553d9d4 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/log/filebeat.yml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml index f1add2dac1..6ec98b56c4 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index b5bb66b8c0..6c7fa4d85c 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -1,7 +1,9 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +17,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -45,10 +48,10 @@ spec: - "dcae-cloudify-manager" initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - aaf-cm @@ -61,14 +64,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: {{ include "common.name" . }}-multisite-init - image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.multisiteInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --namespace - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} - restartPolicy: Never - name: init-tls env: - name: POD_IP @@ -78,7 +80,7 @@ spec: fieldPath: status.podIP - name: aaf_locator_fqdn value: dcae - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: @@ -86,7 +88,7 @@ spec: name: tls-info {{- if .Values.persistence.enabled }} - name: remove-lost-found - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /cfy-persist @@ -99,7 +101,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: REQUESTS_CA_BUNDLE @@ -116,6 +118,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: @@ -123,6 +126,7 @@ spec: - /scripts/readiness-check.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} volumeMounts: - mountPath: /opt/onap/config.txt subPath: config.txt @@ -144,6 +148,9 @@ spec: name: cm-persistent - mountPath: /opt/onap/certs name: tls-info + - mountPath: /opt/onap/cm-secrets + name: cm-secrets + readOnly: true securityContext: privileged: True volumes: @@ -171,5 +178,8 @@ spec: {{- end }} - emptyDir: {} name: tls-info + - name: cm-secrets + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml index 96d305a7a7..2e8b4cd4e8 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: batch/v1 kind: Job metadata: @@ -38,5 +40,5 @@ spec: restartPolicy: Never containers: - name: dcae-cleanup - image: {{ include "common.repository" . }}/{{ .Values.cleanupImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml index 57cbe89cc1..960ec786b2 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,7 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= - +*/}} {{ if .Values.dcae_ns}} # Create the namespace apiVersion: v1 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml index 0dd128fd4d..95c841a9fd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} {{- if eq "True" (include "common.needPV" .) }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml index c4de971f39..3fbdc91d66 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/pvc.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} kind: PersistentVolumeClaim diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml index dee9200eff..91666c1422 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ if .Values.dcae_ns}} apiVersion: v1 @@ -28,7 +30,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: - .dockercfg: {{ include "common.repository.secret" . }} + .dockercfg: {{ include "repositoryGenerator.secret" . }} type: kubernetes.io/dockercfg --- {{ end }} @@ -41,3 +43,5 @@ metadata: annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml index 525931e109..3a28616687 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index b7ea4c9e6f..fd4e1217c4 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,17 +23,20 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 repositoryCred: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,8 +49,7 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -62,6 +65,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0. liveness: initialDelaySeconds: 10 periodSeconds: 10 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container # liveness not desirable for Cloudify Manager container @@ -69,7 +73,13 @@ liveness: readiness: initialDelaySeconds: 60 - periodSeconds: 10 + # In some environments we see CM coming up + # properly but readiness probe timing out. + # Increasing the timeout and adjusting the + # period so it's longer than the timeout. + # (DCAEGEN2-2465) + periodSeconds: 30 + timeoutSeconds: 10 service: type: ClusterIP @@ -80,21 +90,23 @@ service: # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) +# Due to memory issues in ONAP integration environment, +# we've increased the memory amounts for both flavors. resources: small: limits: cpu: 2 - memory: 2Gi + memory: 4Gi requests: cpu: 1 - memory: 1Gi + memory: 2Gi large: limits: cpu: 4 - memory: 4Gi + memory: 8Gi requests: cpu: 2 - memory: 2Gi + memory: 4Gi unlimited: {} # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml index caff1e5dc4..c2681fb217 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml b/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml index 1a3f693a12..06e553d9d4 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml index af4948d925..67fcce4d53 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 959c7f4826..65d0b36927 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -38,10 +40,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - consul-server @@ -65,7 +67,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: @@ -75,7 +77,7 @@ spec: containers: {{- if .Values.service.secure.enabled }} - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -89,7 +91,7 @@ spec: port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTPS" @@ -112,7 +114,7 @@ spec: - name: HTTPS_KEY_PATH value: "/opt/tls/key.pem" - name: {{ include "common.name" . }}-fb-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-fb-conf @@ -125,7 +127,7 @@ spec: {{ end }} {{- if .Values.service.insecure.enabled }} - name: {{ include "common.name" . }}-insecure - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -139,7 +141,7 @@ spec: port: {{ .Values.service.insecure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTP" @@ -154,7 +156,7 @@ spec: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} - name: {{ include "common.name" . }}-fb-onap-i - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-fb-conf diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml index 5ca5035f87..c4cc0a9902 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index a27fba52ae..63f96044fa 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -21,15 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - repositoryCred: - user: docker - password: docker config: logstashServiceName: log-ls @@ -44,8 +36,7 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml index 07787a8206..cbc9a739c5 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: postgres version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml index 0e5ee9bffa..1e33eb3684 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/resources/log/filebeat.yml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml index 41d5826e13..958e810178 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index 9765b62ae2..e93f8d8fb9 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -1,6 +1,7 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -38,10 +40,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-cloudify-manager @@ -70,7 +72,7 @@ spec: fieldPath: status.podIP - name: aaf_locator_fqdn value: dcae - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: @@ -78,7 +80,7 @@ spec: name: tls-info containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -105,7 +107,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: - - mountPath: /usr/local/share/ca-certificates/ + - mountPath: /opt/app/osaaf/ name: tls-info - mountPath: /opt/logs/dcae/dashboard name: component-log @@ -119,7 +121,7 @@ spec: - name: postgres_port value: "{{ .Values.postgres.config.pgPort }}" - name: cloudify_password - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: dhandler_url value: {{ .Values.config.dhandler_url }} - name: cfy_url @@ -148,7 +150,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: IfNotPresent resources: {} volumeMounts: diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml index b143034d8f..34932b713d 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -1,16 +1,17 @@ {{/* # Copyright © 2020 Samsung Electronics -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml index ce13081f2f..9cd3197f3b 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 8e3f94dc64..e92e415414 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -20,11 +20,6 @@ ################################################################# global: nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 secrets: @@ -35,8 +30,14 @@ secrets: login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 dhandler_url: https://deployment-handler:8443 @@ -52,8 +53,7 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml index c8d76a0823..8ba2ea88d3 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml index 0e5ee9bffa..1e33eb3684 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log/filebeat.yml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json new file mode 100644 index 0000000000..a93c8c5bbe --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/resources/log4js/log4js.json @@ -0,0 +1,32 @@ +{ + "appenders": { + "out": {"type": "stdout"}, + "audit": { + "type": "file", + "filename": "log/audit.log", + "maxLogSize": 10240000, + "backups": 10, + "layout": { + "type": "messagePassThrough" + } + }, + "metrics": { + "type": "file", + "filename": "log/metrics.log", + "maxLogSize": 10240000, + "backups": 10, + "layout": { + "type": "messagePassThrough" + } + }, + "error": {"type": "stdout"}, + "debug": {"type": "stdout"} + }, + "categories": { + "default": {"appenders": ["out"], "level": "debug"}, + "audit": {"appenders": ["audit"], "level": "info"}, + "metrics": {"appenders": ["metrics"], "level": "info"}, + "error": {"appenders": ["error"], "level": "error"}, + "debug": {"appenders": ["debug"], "level": "debug"} + } +}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml index 789c634956..cda7029319 100644..100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/configmap.yaml @@ -1,5 +1,7 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: @@ -31,4 +34,12 @@ metadata: name: {{include "common.fullname" . }}-filebeat-configmap namespace: {{include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{include "common.fullname" . }}-log4js-configmap + namespace: {{include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log4js/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index ec3c72d042..1b39dc6e2f 100644..100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -1,6 +1,8 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -38,10 +41,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-cloudify-manager @@ -66,14 +69,14 @@ spec: fieldPath: status.podIP - name: aaf_locator_fqdn value: dcae - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - mountPath: /opt/app/osaaf name: tls-info - name: init-consul - image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --service @@ -88,7 +91,7 @@ spec: name: dh-config containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -115,13 +118,15 @@ spec: name: component-log - mountPath: /opt/app/dh/etc/cert/ name: tls-info + - mountPath: /opt/app/dh/etc/ + name: log4js-conf env: - name: CONSUL_HOST value: consul-server.{{ include "common.namespace" . }} - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: NODE_EXTRA_CA_CERTS @@ -138,7 +143,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: IfNotPresent resources: {} volumeMounts: @@ -164,5 +169,9 @@ spec: defaultMode: 422 name: {{ include "common.fullname" . }}-configmap name: dh-config + - configMap: + defaultMode: 420 + name: {{include "common.fullname" . }}-log4js-configmap + name: log4js-conf imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml index 34932b713d..34932b713d 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml index 420c0ee96f..cca0b640bb 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index 8a3440dae5..a32214faf3 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -20,19 +20,18 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - repositoryCred: - user: docker - password: docker + +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -45,8 +44,7 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml index 6f858bda03..45dddcfbd1 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml index d277c7a71e..9514f41b86 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -39,7 +41,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml index a71e084535..f0d1bbb3c7 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index ca9486f715..a083694767 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -2,6 +2,7 @@ #================================================================================= # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,10 +22,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 service: name: dcae-healthcheck @@ -44,8 +41,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml index 653d523472..f841401e7f 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml @@ -20,4 +20,6 @@ dependencies: - name: postgres version: ~6.x-0 repository: '@local' - alias: postgres + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml index 0e5ee9bffa..1e33eb3684 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml index 5b7a244835..81bac5465e 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index 29d6207c9b..d25d63c361 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -52,15 +54,15 @@ spec: name: {{ include "common.fullname" . }}-inv-config-input - mountPath: /config name: {{ include "common.fullname" . }}-inv-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.postgres.nameOverride }} @@ -83,7 +85,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: @@ -91,7 +93,7 @@ spec: name: tls-info containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # Assumes that the Docker image is built with ENTRYPOINT set to # ["java", "-jar", "/opt/inventory-api-x.y.z.jar", "server"] @@ -139,7 +141,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: IfNotPresent resources: {} volumeMounts: diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml index 420c0ee96f..cca0b640bb 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index a26ae5d196..7abf0ca745 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -20,16 +20,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - envsubstImage: dibi/envsubst - repositoryCred: - user: docker - password: docker secrets: - uid: pg-user-creds @@ -53,8 +44,7 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml index c8d76a0823..8ba2ea88d3 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml index 1a3f693a12..06e553d9d4 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/log/filebeat.yml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml index 789c634956..1a3a7fd302 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index c39b12cd6c..a4becb5e4f 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -1,6 +1,7 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -38,17 +40,17 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-deployment-handler - --container-name - consul-server - --container-name - - pdp + - policy-xacml-pdp - "-t" - "45" env: @@ -66,14 +68,14 @@ spec: fieldPath: status.podIP - name: aaf_locator_fqdn value: dcae - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - mountPath: /opt/app/osaaf name: tls-info - name: init-consul - image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --key @@ -84,7 +86,7 @@ spec: name: ph-config containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -117,7 +119,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: POD_IP @@ -132,7 +134,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: IfNotPresent resources: {} volumeMounts: diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml index 34932b713d..34932b713d 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml index 420c0ee96f..cca0b640bb 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 717497f4d4..95bbe1e5ff 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -20,19 +20,18 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - repositoryCred: - user: docker - password: docker + +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -46,7 +45,6 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml b/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml deleted file mode 100644 index c593f60ae4..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh b/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh deleted file mode 100755 index 49872863a9..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -# ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then - echo "delay by 10 seconds for redis server starting" - sleep 10 - - NODES="" - echo "====> wait for all {{.Values.replicaCount}} redis pods up" - while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ] - do - echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up" - sleep 5 - RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}}) - - IPS=$(echo $RESP | jq -r '.items[].status.podIP') - IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g') - echo "======> IPs: ["$IPS2"]" - NODES="" - for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done - echo "======> nodes: ["$NODES"]" - done - echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo - sleep 10 - - echo "====> Configure the cluster" - - # $NODES w/o quotes - echo "======> nodes: [$(echo $NODES |paste -s)]" - redis-trib create --replicas 1 $(echo $NODES |paste -s) -fi ) & - -redis-server /conf/redis.conf - diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt b/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt deleted file mode 100644 index 0a386aa131..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml deleted file mode 100644 index 85ebee672b..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -data: - redis.conf: |+ - cluster-enabled yes - cluster-require-full-coverage no - cluster-node-timeout 15000 - cluster-config-file /data/nodes.conf - cluster-migration-barrier 1 - appendonly yes - protected-mode no ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-scripts - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml deleted file mode 100644 index 72bad411db..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml deleted file mode 100644 index 31c1c22b17..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - #Example internal target port if required - #targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml deleted file mode 100644 index d4ac832e09..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml +++ /dev/null @@ -1,125 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - - -c - - | - /opt/scripts/redis-cluster-config.sh - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name2 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: - - sh - - -c - - "redis-cli -h $(hostname) ping" - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /conf - name: {{ include "common.fullname" . }}-config - - mountPath: /data - name: {{ include "common.fullname" . }}-data - - mountPath: /opt/scripts - name: {{ include "common.fullname" . }}-scripts - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - items: - - key: redis.conf - path: redis.conf - - name: {{ include "common.fullname" . }}-scripts - configMap: - name: {{ include "common.fullname" . }}-scripts - defaultMode: 0755 - - name: localtime - hostPath: - path: /etc/localtime - {{- if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote}} - {{- end }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/values.yaml b/kubernetes/dcaegen2/components/dcae-redis/values.yaml deleted file mode 100644 index 3daa740312..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0 -pullPolicy: Always - -# application configuration -# Example: -config: {} - -# default number of instances -replicaCount: 3 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 15 - periodSeconds: 10 - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: ClusterIP - name: dcae-redis - portName: client - externalPort: 6379 - internalPort: 6379 - portName2: gossip - externalPort2: 16379 - internalPort2: 16379 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: redis/data - -ingress: - enabled: false - service: - - baseaddr: "dcaeredis" - name: "dcae-redis" - port: 6379 - - baseaddr: "dcaeredisgossip" - name: "dcae-redis" - port: 16379 - config: - ssl: "none" -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - large: - limits: - cpu: 4 - memory: 4Gi - requests: - cpu: 2 - memory: 2Gi - unlimited: {} diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml index caff1e5dc4..bdc19209e7 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml index 96ba64f945..a2da32d051 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml index d880433ef3..7c55628f25 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -38,17 +40,17 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - "dcae-inventory-api" - --container-name - "message-router" - --container-name - - "sdc-dcae-be" + - "sdc-be" - "-t" - "45" env: @@ -64,7 +66,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: @@ -72,7 +74,7 @@ spec: name: tls-info containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml index 63ce3db3fc..c363626666 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,15 +20,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - repositoryCred: - user: docker - password: docker config: logstashServiceName: log-ls @@ -41,8 +33,7 @@ config: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2 +image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0 pullPolicy: Always @@ -94,4 +85,4 @@ resources: unlimited: {} # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace -# dcae_ns: "dcae" +# dcae_ns: "dcae"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/requirements.yaml b/kubernetes/dcaegen2/requirements.yaml index 55931dc331..82629f7e21 100644 --- a/kubernetes/dcaegen2/requirements.yaml +++ b/kubernetes/dcaegen2/requirements.yaml @@ -32,10 +32,6 @@ dependencies: version: ~6.x-0 repository: 'file://components/dcae-healthcheck' condition: dcae-healthcheck.enabled - - name: dcae-redis - version: ~6.x-0 - repository: 'file://components/dcae-redis' - condition: dcae-redis.enabled - name: dcae-servicechange-handler version: ~6.x-0 repository: 'file://components/dcae-servicechange-handler' diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json index fd3d04fcb8..d89203b070 100644 --- a/kubernetes/dcaegen2/resources/expected-components.json +++ b/kubernetes/dcaegen2/resources/expected-components.json @@ -1,10 +1,10 @@ [ {{- $ctx := . }} -{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }} +{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }} {{- range $i, $v := $components }} {{- if index $ctx.Values . "enabled" }} {{- if $i }},{{ end }} {{ $v | quote | indent 2 }} {{- end -}} {{- end }} -]
\ No newline at end of file +] diff --git a/kubernetes/dcaegen2/templates/configmap.yaml b/kubernetes/dcaegen2/templates/configmap.yaml index b315443c70..4a1877f02e 100644 --- a/kubernetes/dcaegen2/templates/configmap.yaml +++ b/kubernetes/dcaegen2/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/dcaegen2/templates/secrets.yaml index 34932b713d..34932b713d 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml +++ b/kubernetes/dcaegen2/templates/secrets.yaml diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index c66a786537..d4007ad0f6 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,33 +19,50 @@ ################################################################# global: nodePortPrefix: 302 - tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - busyboxRepository: docker.io - busyboxImage: library/busybox:1.30 -redis: - replicaCount: 6 -# Enable all DCAE components except redis by default +################################################################# +# Secrets metaconfig +################################################################# +secrets: +- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + +config: {} + +# To work around DCAEGEN2-2450, set password strength to "basic" +# to ensure password contains only alphanumerics +passwordStrengthOverride: basic + +# Enable all DCAE components by default dcae-bootstrap: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-cloudify-manager: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-config-binding-service: enabled: true dcae-dashboard: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-deployment-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-healthcheck: enabled: true dcae-inventory-api: enabled: true dcae-policy-handler: enabled: true -dcae-redis: - enabled: false + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: - enabled: true
\ No newline at end of file + enabled: true diff --git a/kubernetes/dcaemod/.helmignore b/kubernetes/dcaemod/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/dcaemod/.helmignore +++ b/kubernetes/dcaemod/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/dcaemod/Makefile b/kubernetes/dcaemod/Makefile index b7cf1a6963..044e0cdd7d 100644 --- a/kubernetes/dcaemod/Makefile +++ b/kubernetes/dcaemod/Makefile @@ -11,28 +11,30 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm + make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry make-dcaemod-healthcheck make-dcaemod-distributor-api: - cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor + cd components && $(HELM_BIN) dep up dcaemod-genprocessor && $(HELM_BIN) lint dcaemod-genprocessor make-dcaemod-genprocessor: - cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api + cd components && $(HELM_BIN) dep up dcaemod-distributor-api && $(HELM_BIN) lint dcaemod-distributor-api make-dcaemod-designtool: - cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool + cd components && $(HELM_BIN) dep up dcaemod-designtool && $(HELM_BIN) lint dcaemod-designtool make-dcaemod-onboarding-api: - cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api + cd components && $(HELM_BIN) dep up dcaemod-onboarding-api && $(HELM_BIN) lint dcaemod-onboarding-api make-dcaemod-runtime-api: - cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api + cd components && $(HELM_BIN) dep up dcaemod-runtime-api && $(HELM_BIN) lint dcaemod-runtime-api make-dcaemod-nifi-registry: - cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry + cd components && $(HELM_BIN) dep up dcaemod-nifi-registry && $(HELM_BIN) lint dcaemod-nifi-registry make-dcaemod-healthcheck: - cd components && helm dep up dcaemod-healthcheck && helm lint dcaemod-healthcheck + cd components && $(HELM_BIN) dep up dcaemod-healthcheck && $(HELM_BIN) lint dcaemod-healthcheck clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml index c84ca79fd9..627dc59e81 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml index 2144418fbb..bd2766f6db 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -26,10 +28,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcaemod-genprocessor-http @@ -46,7 +48,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: {{ include "common.name" . }}-create-bucket - image: {{ .Values.config.curlImage }} + image: {{ include "repositoryGenerator.image.curl" . }} args: - -kv - -X @@ -59,7 +61,7 @@ spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml index 6bc21e341d..e7f8e2da8f 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,4 +14,5 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml index 85d137b4b3..7fc4e896d2 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml index f2320a1387..3daca28476 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml @@ -22,8 +22,6 @@ global: persistence: {} nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ingress: enabled: true @@ -33,10 +31,8 @@ global: config: nifiJarsIndexURL: http://dcaemod-genprocessor:8080/nifi-jars distributorAPIURL: /distributor - curlImage: curlimages/curl:7.68.0 # application image -repository: nexus3.onap.org:10001 image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.2 service: diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml index df3df964cb..51543cf310 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml index a70cc4af5a..696b43a536 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -26,10 +28,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcaemod-runtime-api @@ -47,7 +49,7 @@ spec: fieldPath: metadata.namespace containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml index a996d3c1ad..4a4ee7c876 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,4 +14,5 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml index 2314610a04..100c3d5670 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} -{{ include "common.service" . }}
\ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index 16bb8a9ff3..274edcd4a3 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -22,8 +22,6 @@ global: persistence: {} nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ingress: enabled: true @@ -35,8 +33,7 @@ config: onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0 service: type: ClusterIP diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml index df3df964cb..51543cf310 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml index a4afe05c95..40b0f3edc4 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -30,7 +32,7 @@ spec: # this initContainer changes ownership to uid 1000 gid 1000 # (tried using a securityContext in the pod spec, but it didn't seem to work) - name: set-permissions - image: busybox:latest + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh @@ -41,7 +43,7 @@ spec: name: genprocessor-data containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} @@ -64,7 +66,7 @@ spec: name: genprocessor-data resources: {{ include "common.resources" . | nindent 12 }} - name: {{ include "common.name" . }}-http - image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.httpImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /www/data diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml index 6bc21e341d..4a4ee7c876 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,4 +14,5 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -{{ include "common.ingress" . }}
\ No newline at end of file +*/}} +{{ include "common.ingress" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml index c97ef736bb..2831c151d2 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.PV" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml index cdf2728359..1e6c62a653 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,5 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.PVC" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml index b20e564065..100c3d5670 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 37bb861235..45ae96f2d2 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -22,8 +22,6 @@ global: persistence: {} nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ingress: enabled: true virtualhost: @@ -33,9 +31,8 @@ config: onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1 -httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2 +httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2 service: type: ClusterIP @@ -97,3 +94,4 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml index 6f858bda03..45dddcfbd1 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml @@ -20,3 +20,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml index 64268abb33..0eaa2296bb 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -26,7 +28,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -36,13 +38,13 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml index 30eda2cfe8..7fc4e896d2 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} -{{ include "common.service" . }}
\ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index fae177ca38..356149c0dd 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -21,8 +21,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 service: name: dcaemod-healthcheck @@ -43,7 +41,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -repository: nexus3.onap.org:10001 image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 # Resource Limit flavor -By Default using small diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml index df3df964cb..51543cf310 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml index 7ba2a1202d..90561ac231 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -30,7 +32,7 @@ spec: # this initContainer changes ownership to uid 1000 gid 1000 # (tried using a securityContext in the pod spec, but it didn't seem to work) - name: set-permissions - image: busybox:latest + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh @@ -41,7 +43,7 @@ spec: name: flow-storage containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml index 13c5357e45..b351573f83 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.PV" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml index cdf2728359..1e6c62a653 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,5 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.PVC" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml index 45ac464cbe..869e3d3912 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,4 +15,5 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml index b20e564065..100c3d5670 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml index 058768ea08..25b3b9e318 100644 --- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml @@ -22,8 +22,6 @@ global: persistence: {} nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 config: dbURL: jdbc:h2:./database/nifi-registry-primary @@ -38,7 +36,6 @@ secrets: passwordPolicy: generate # application image -repository: docker.io image: apache/nifi-registry:0.5.0 service: diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml index 038e976319..7e71a401ab 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: postgres version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml index df531162bc..b795f6b736 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -26,10 +28,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.postgres.nameOverride }} @@ -48,7 +50,7 @@ spec: args: - -c - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml index 6bc21e341d..4a4ee7c876 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -13,4 +14,5 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -{{ include "common.ingress" . }}
\ No newline at end of file +*/}} +{{ include "common.ingress" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml index b20e564065..100c3d5670 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 28e79a1593..42fe9d8f56 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -21,8 +21,6 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ingress: enabled: true virtualhost: @@ -92,8 +90,7 @@ postgres: mountInitPath: dcaemod # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3 # Resource Limit flavor -By Default using small flavor: small @@ -114,3 +111,4 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml index 444eb8ac2a..f3a02ca58a 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml @@ -19,4 +19,7 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 5a52e10d6e..735b0281be 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: Deployment @@ -26,7 +28,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} @@ -57,11 +59,14 @@ spec: value: {{ .Values.config.importK8S }} - name: ONAP_IMPORT_POLICYPLUGIN value: {{ .Values.config.importPolicy }} - - name: ONAP_INPORT_POSTGRESPLUGIN + - name: ONAP_IMPORT_POSTGRESPLUGIN value: {{ .Values.config.importPostgres }} - name: ONAP_IMPORT_CLAMPPLUGIN value: {{ .Values.config.importClamp }} - name: ONAP_IMPORT_DMAAPPLUGIN value: {{ .Values.config.importDMaaP }} + - name: ONAP_USEDMAAPPLUGIN + value: {{ .Values.config.useDmaapPlugin | quote }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml index 0a0475c889..3c527f8cd3 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml index b20e564065..100c3d5670 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. @@ -14,5 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 37f79a4a73..32d651f749 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -21,8 +21,6 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 config: dashboardURL: https://inventory:8080/dcae-service-types @@ -35,11 +33,11 @@ config: #dashboardPassword: doesntmatter mrTopicURL: http://message-router:3904/events importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml - importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml - importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml - importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml - importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml - importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml + importK8S: plugin:k8splugin?version=3.4.2 + importPostgres: plugin:pgaas?version=1.3.0 + importClamp: plugin:clamppolicyplugin?version=1.1.0 + importDMaaP: plugin:dmaap?version=1.5.0 + useDmaapPlugin: false secrets: - uid: "dashsecret" @@ -71,8 +69,7 @@ readiness: # Should have a proper readiness endpoint or script # application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.1 # Resource Limit flavor -By Default using small flavor: small @@ -93,3 +90,4 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + diff --git a/kubernetes/dcaemod/templates/configmap.yaml b/kubernetes/dcaemod/templates/configmap.yaml index 9748319c9a..13b374cb04 100644 --- a/kubernetes/dcaemod/templates/configmap.yaml +++ b/kubernetes/dcaemod/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. @@ -14,6 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap @@ -21,4 +23,4 @@ metadata: name: {{ include "common.release" . }}-dcaemod-expected-components namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaemod/values.yaml b/kubernetes/dcaemod/values.yaml index 6c1dff5b3d..57e6d32693 100644 --- a/kubernetes/dcaemod/values.yaml +++ b/kubernetes/dcaemod/values.yaml @@ -17,10 +17,6 @@ ################################################################# global: nodePortPrefix: 302 - tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - busyboxRepository: docker.io - busyboxImage: library/busybox:1.30 # Enable all DCAE MOD components by default dcaemod-designtool: diff --git a/kubernetes/dmaap/.helmignore b/kubernetes/dmaap/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/dmaap/.helmignore +++ b/kubernetes/dmaap/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/dmaap/Makefile b/kubernetes/dmaap/Makefile index 3a1931121a..4c79718d02 100644 --- a/kubernetes/dmaap/Makefile +++ b/kubernetes/dmaap/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,20 +12,40 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-dmaap: make-dmaap-bc make-message-router make-dmaap-dr-node make-dmaap-dr-prov +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets -make-dmaap-bc: - cd components && helm dep up dmaap-bc && helm lint dmaap-bc +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -make-message-router: - cd components && helm dep up message-router && helm lint message-router +.PHONY: $(EXCLUDES) $(HELM_CHARTS) -make-dmaap-dr-node: - cd components && helm dep up dmaap-dr-node && helm lint dmaap-dr-node +all: $(HELM_CHARTS) -make-dmaap-dr-prov: - cd components && helm dep up dmaap-dr-prov && helm lint dmaap-dr-prov +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: - @find . -type f -name '*.tgz' -delete - @find . -type f -name '*.lock' -delete + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dmaap/components/Makefile b/kubernetes/dmaap/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/dmaap/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml index 656fee77f8..b8c7f9ac3e 100644 --- a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml @@ -23,3 +23,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: PG.enabled + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env index 84a42d6436..2b2ea4183a 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Environment settings for starting a container DMAAPBC_WAIT_TO_EXIT=Y diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index 3f5b1b4336..d464428893 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} ##################################################### diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml index bb68eb783e..b7c52df169 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs,Bell Canada # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -102,4 +104,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index 3c6a23a470..eaad403dc8 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Modifications Copyright © 2018 Amdocs,Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -38,12 +40,12 @@ spec: name: {{ include "common.name" . }}-config-input - mountPath: /config name: {{ include "common.name" . }}-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-permission-fixer - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] @@ -52,14 +54,14 @@ spec: # the cadi library is not using the jks password on the jks keystore. # So, this attempts to "fix" the credential property file until this is fixed properly. - name: {{ include "common.name" . }}-cred-fixer - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} command: ["/bin/sh"] args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] - name: {{ include "common.name" . }}-postgres-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.postgres.nameOverride }} @@ -73,12 +75,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ .Values.repository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true -}} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml index cde35af14c..039abaaf1f 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml @@ -5,17 +5,17 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} spec: - backoffLimit: 5 + backoffLimit: 20 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dmaap-bc @@ -27,7 +27,7 @@ spec: fieldPath: metadata.namespace containers: - name: dmaap-provisioning-job - image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DELAY diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml index 9c9414f48d..e658a712a0 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index d9936d79f4..07a6c067a4 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -18,11 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - envsubstImage: dibi/envsubst secrets: - uid: pg-root-pass @@ -45,8 +40,6 @@ secrets: pullPolicy: Always # application images -repository: nexus3.onap.org:10001 -#repository: 10.12.7.57:5000 image: onap/dmaap/dmaap-bc:2.0.4 diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml index 2900c41bde..f8139e0f97 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml index d2bba1124e..6292be2d9d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 The Nordix Foundation. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} # dmaap-dr-node filebeat.yml filebeat.prospectors: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index 8756d57516..8b8c16c287 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -217,6 +217,7 @@ <appender-ref ref="asyncDebug" /> <appender-ref ref="asyncError" /> <appender-ref ref="asyncJettyLog" /> + <appender-ref ref="STDOUT" /> </root> </configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 784a35e25b..1d0015ed7f 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -1,3 +1,4 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START================================================== # * org.onap.dmaap @@ -26,6 +27,7 @@ # URL to retrieve dynamic configuration # #ProvisioningURL: ${DRTR_PROV_INTURL} +*/}} ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov # diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml index 453f002212..e1a0b1c660 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml index f8c32e0670..9a3f011e80 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml index 4ad43acf2a..306b0f17eb 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 6d797156d8..f653a02cff 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -23,10 +25,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dmaap-dr-prov @@ -38,7 +40,7 @@ spec: fieldPath: metadata.namespace {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }} - name: {{ include "common.name" . }}-permission-fixer - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} - mountPath: {{ .Values.persistence.spool.path }} @@ -48,7 +50,7 @@ spec: command: ["chown","-Rf","1000:1001", "/opt/app/"] containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} @@ -88,7 +90,7 @@ spec: {{- end -}} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 2b4b722bfb..1e08954b66 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.6 +image: onap/dmaap/datarouter-node:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml index a873762295..24ca0c9227 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml @@ -29,3 +29,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml index db02b2115d..c8a173c531 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 The Nordix Foundation. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} # dmaap-dr-prov filebeat.yml filebeat.prospectors: @@ -58,4 +60,4 @@ output.logstash: #ssl.key: $ssl.key #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index dba613c33c..73446ee3ec 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -402,6 +402,7 @@ <appender-ref ref="asyncEELFError" /> <appender-ref ref="asyncEELFjettylog" /> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index b6723117a3..d0c3afb9a9 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -1,3 +1,4 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START================================================== # * org.onap.dmaap @@ -20,6 +21,7 @@ # * ECOMP is a trademark and service mark of AT&T Intellectual Property. # * #------------------------------------------------------------------------------- +*/}} #Jetty Server properties diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml index a45ceac035..1a0ca9f759 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index cbdde02528..a43073e8e2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -35,10 +37,10 @@ spec: hostname: {{ .Values.global.dmaapDrProvName }} initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.dmaapDrDb.mariadbContName }} @@ -53,7 +55,7 @@ spec: {{ include "common.certInitializer.initContainer" . | nindent 8 }} - name: {{ include "common.name" . }}-permission-fixer - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] @@ -61,7 +63,7 @@ spec: {{ end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.config.dmaapDrProv.internalPort }} @@ -106,7 +108,7 @@ spec: {{- end -}} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index c4ca4edc8b..1a0143f9ae 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: - name: {{ .Values.global.dmaapDrProvName }} + name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -59,4 +61,4 @@ spec: {{- end}} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file + release: {{ include "common.release" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 1cf2e583d1..3d4febcde1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.6 +image: onap/dmaap/datarouter-prov:2.1.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/message-router/Makefile b/kubernetes/dmaap/components/message-router/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dmaap/components/message-router/components/Makefile b/kubernetes/dmaap/components/message-router/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dcaegen2/components/dcae-redis/.helmignore b/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/dcaegen2/components/dcae-redis/.helmignore +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/.helmignore diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/Chart.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml index f3258bc886..f3258bc886 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/Chart.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/Chart.yaml diff --git a/kubernetes/policy/charts/brmsgw/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml index d3c442d32e..99d60642cc 100644 --- a/kubernetes/policy/charts/brmsgw/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/requirements.yaml @@ -20,3 +20,7 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/cadi.properties index 2bee404c0b..2bee404c0b 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/cadi.properties diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml index 2ab713e789..2ab713e789 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/config/jmx-kafka-prometheus.yml diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf index ff43fbb141..ff43fbb141 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/kafka_server_jaas.conf diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf index 0755c1e2b7..0755c1e2b7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/resources/jaas/zk_client_jaas.conf diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt index a44d0f76ee..a44d0f76ee 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/NOTES.txt +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/NOTES.txt diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml index 1a86f18e77..b5eed38e5d 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.global.aafEnabled }} apiVersion: v1 @@ -70,4 +72,4 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }} --- -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml index 8e7c05bba1..d12ec126f9 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/poddisruptionbudget.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/pv.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml index 421dce8903..263caf1059 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/pv.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . -}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml index 428eebcc3e..033d8d5441 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service-hs.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml index 8879e95132..60e4df90f5 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service-hs.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service-hs.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml index 03289fbd29..b9472444a3 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $root := . -}} {{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml index 8e916dc980..1eabe3aad6 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -40,35 +42,15 @@ spec: prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: - podAntiAffinity: - {{if eq .Values.podAntiAffinityType "hard" -}} - requiredDuringSchedulingIgnoredDuringExecution: - {{- else -}} - preferredDuringSchedulingIgnoredDuringExecution: - {{- end}} - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ include "common.name" . }} - - key: "release" - operator: In - values: - - {{ include "common.release" . }} - topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - - name: {{ include "common.name" . }}-initcontainer - image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.zookeeper.name }} @@ -78,7 +60,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: @@ -87,7 +69,7 @@ spec: - | rm -rf '/var/lib/kafka/data/lost+found'; chown -R 1000:0 /var/lib/kafka/data; - image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /var/lib/kafka/data @@ -112,13 +94,13 @@ spec: name: jaas-config - mountPath: /config-input name: jaas - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config containers: {{- if .Values.prometheus.jmx.enabled }} - name: prometheus-jmx-exporter - image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - java @@ -139,7 +121,7 @@ spec: mountPath: /etc/jmx-kafka {{- end }} - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh @@ -286,5 +268,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml index 45dc30e4ee..03f8afa182 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml @@ -18,24 +18,14 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: {} - ubuntuInitRepository: registry.hub.docker.com - envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/dmaap/kafka111:1.0.4 pullPolicy: Always -ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 -busyBoxImage: busybox:1.30 -busyBoxRepository: docker.io zookeeper: @@ -80,7 +70,6 @@ prometheus: enabled: false image: solsson/kafka-prometheus-jmx-exporter@sha256 imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 - imageRepository: docker.io port: 5556 jaas: diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/.helmignore b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/.helmignore +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/.helmignore diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/Chart.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml index b3d6247226..b3d6247226 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/Chart.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/Chart.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml index d3c442d32e..99d60642cc 100644 --- a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/requirements.yaml @@ -20,3 +20,7 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml index a75b644c5f..a75b644c5f 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf index 8266f6b2c6..8266f6b2c6 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/resources/config/zk_server_jaas.conf diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt index a44d0f76ee..a44d0f76ee 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/NOTES.txt +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/NOTES.txt diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/_zkquorum.tpl b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl index 9af910eb89..9af910eb89 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/_zkquorum.tpl +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/_zkquorum.tpl diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml index 50091bd387..7a26053d11 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.prometheus.jmx.enabled }} apiVersion: v1 @@ -39,4 +41,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file +{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml index 1d05794c64..db81b890ef 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/poddisruptionbudget.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/pv.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml index 421dce8903..263caf1059 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/pv.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . -}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml index 428eebcc3e..033d8d5441 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml index c9c8c18f57..6bd13f0594 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -35,4 +37,4 @@ spec: clusterIP: None selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file + release: {{ include "common.release" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml index 7c6334c76d..52eff32242 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -45,25 +47,12 @@ spec: prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} {{- end }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ include "common.name" . }} - - key: "release" - operator: In - values: - - {{ include "common.release" . }} - topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: - name: {{ include "common.name" . }}-permission-fixer command: @@ -71,7 +60,7 @@ spec: - -exec - > chown -R 1000:0 /tmp/zookeeper/apikeys; - image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /tmp/zookeeper/apikeys @@ -91,13 +80,13 @@ spec: name: jaas-config - mountPath: /config-input name: jaas - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config containers: {{- if .Values.prometheus.jmx.enabled }} - name: prometheus-jmx-exporter - image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - java @@ -118,7 +107,7 @@ spec: mountPath: /etc/jmx-zookeeper {{- end }} - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} @@ -148,7 +137,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} env: - name : KAFKA_HEAP_OPTS value: "{{ .Values.zkConfig.heapOptions }}" @@ -234,5 +223,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml index 4f861f8789..2da42a4604 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml @@ -18,24 +18,14 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - ubuntuInitRepository: registry.hub.docker.com persistence: {} - envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/dmaap/zookeeper:6.0.3 pullPolicy: Always -ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 -busyBoxImage: busybox:1.30 -busyBoxRepository: docker.io # flag to enable debugging - application support required debugEnabled: false @@ -86,7 +76,6 @@ prometheus: enabled: false image: solsson/kafka-prometheus-jmx-exporter@sha256 imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 - imageRepository: docker.io port: 5556 jaas: diff --git a/kubernetes/dmaap/components/message-router/requirements.yaml b/kubernetes/dmaap/components/message-router/requirements.yaml index 36ee6e4be2..1f1d45aaba 100644 --- a/kubernetes/dmaap/components/message-router/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/requirements.yaml @@ -20,4 +20,12 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: message-router-kafka + version: ~6.x-0 + repository: 'file://components/message-router-kafka' + - name: message-router-zookeeper + version: ~6.x-0 + repository: 'file://components/message-router-zookeeper' diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index 25b29a583b..8d79ccfc7e 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -1,3 +1,4 @@ +{{/* # LICENSE_START======================================================= # org.onap.dmaap # ================================================================================ @@ -36,6 +37,7 @@ ## #config.zk.servers=172.18.1.1 #config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}} +*/}} config.zk.servers={{include "common.release" .}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} #config.zk.root=/fe3c/cambria/config diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index f02a2db764..ad2ce2b92a 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -20,11 +20,6 @@ <jmxConfigurator /> <property name="logDirectory" value="${AJSC_HOME}/log" /> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> <encoder> <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n </pattern> diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index f981d6f7a6..a253c512eb 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml index a6764d3f67..9456c15994 100644 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml index 2b0b44e246..8d13879023 100644 --- a/kubernetes/dmaap/components/message-router/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 695a816693..e936ed2fb6 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -25,7 +27,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.kafka.name }} @@ -37,13 +39,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: {{- if .Values.prometheus.jmx.enabled }} - name: prometheus-jmx-exporter - image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - java @@ -63,7 +65,7 @@ spec: mountPath: /etc/jmx-kafka {{- end }} - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index f742419b46..c4bab2350a 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -18,16 +18,11 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/dmaap/dmaap-mr:1.1.18 pullPolicy: Always @@ -89,7 +84,6 @@ prometheus: enabled: false image: solsson/kafka-prometheus-jmx-exporter@sha256 imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 - imageRepository: docker.io port: 5556 targetPort: 5555 diff --git a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml index 40d2476b8e..8540903193 100644 --- a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 The Nordix Foundation. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/dmaap/templates/configmap.yaml b/kubernetes/dmaap/templates/configmap.yaml index 66628ff42d..2a8e2860fa 100644 --- a/kubernetes/dmaap/templates/configmap.yaml +++ b/kubernetes/dmaap/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. @@ -17,6 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index c6b4566e64..c1ba7547db 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -19,8 +19,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 clientImage: onap/dmaap/dbc-client:1.0.9 diff --git a/kubernetes/esr/Makefile b/kubernetes/esr/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/esr/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/esr/components/Makefile b/kubernetes/esr/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/esr/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/.helmignore b/kubernetes/esr/components/esr-gui/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/.helmignore +++ b/kubernetes/esr/components/esr-gui/.helmignore diff --git a/kubernetes/esr/charts/esr-gui/Chart.yaml b/kubernetes/esr/components/esr-gui/Chart.yaml index c8d97bd67f..c8d97bd67f 100644 --- a/kubernetes/esr/charts/esr-gui/Chart.yaml +++ b/kubernetes/esr/components/esr-gui/Chart.yaml diff --git a/kubernetes/policy/charts/drools/requirements.yaml b/kubernetes/esr/components/esr-gui/requirements.yaml index d3c442d32e..0b77abe706 100644 --- a/kubernetes/policy/charts/drools/requirements.yaml +++ b/kubernetes/esr/components/esr-gui/requirements.yaml @@ -20,3 +20,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/esr/charts/esr-gui/templates/NOTES.txt b/kubernetes/esr/components/esr-gui/templates/NOTES.txt index e2b067fde4..e2b067fde4 100644 --- a/kubernetes/esr/charts/esr-gui/templates/NOTES.txt +++ b/kubernetes/esr/components/esr-gui/templates/NOTES.txt diff --git a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml b/kubernetes/esr/components/esr-gui/templates/deployment.yaml index 4dee376dee..74f933572f 100644 --- a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml +++ b/kubernetes/esr/components/esr-gui/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -48,7 +50,7 @@ spec: - /opt/tomcat securityContext: privileged: true - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: create-tomcat-dir volumeMounts: @@ -57,7 +59,7 @@ spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/esr/charts/esr-gui/templates/service.yaml b/kubernetes/esr/components/esr-gui/templates/service.yaml index 7dbbaa21b8..b020257873 100644 --- a/kubernetes/esr/charts/esr-gui/templates/service.yaml +++ b/kubernetes/esr/components/esr-gui/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/esr/charts/esr-gui/values.yaml b/kubernetes/esr/components/esr-gui/values.yaml index a191739948..417ace5ab4 100644 --- a/kubernetes/esr/charts/esr-gui/values.yaml +++ b/kubernetes/esr/components/esr-gui/values.yaml @@ -23,7 +23,6 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aai/esr-gui:1.4.0 pullPolicy: Always msbaddr: msb-iag.{{ include "common.namespace" . }}:443 diff --git a/kubernetes/esr/charts/esr-server/Chart.yaml b/kubernetes/esr/components/esr-server/Chart.yaml index 79c7b9d53e..79c7b9d53e 100644 --- a/kubernetes/esr/charts/esr-server/Chart.yaml +++ b/kubernetes/esr/components/esr-server/Chart.yaml diff --git a/kubernetes/policy/charts/pdp/requirements.yaml b/kubernetes/esr/components/esr-server/requirements.yaml index d3c442d32e..0b77abe706 100644 --- a/kubernetes/policy/charts/pdp/requirements.yaml +++ b/kubernetes/esr/components/esr-server/requirements.yaml @@ -20,3 +20,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/esr/charts/esr-server/resources/config/log/filebeat/filebeat.yml b/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml index 1e6b5cd860..a60fb95795 100644 --- a/kubernetes/esr/charts/esr-server/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/esr/components/esr-server/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/components/esr-server/resources/config/logback.xml index c647f3d1e1..fcc9f250d9 100644 --- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml +++ b/kubernetes/esr/components/esr-server/resources/config/logback.xml @@ -15,35 +15,38 @@ # limitations under the License. --> -<configuration scan="false" debug="true"> - <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> - <property name="p_lvl" value="%level"/> - <property name="p_log" value="%logger"/> - <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> - <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_thr" value="%thread"/> - <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - - <property name="logDir" value="/var/log/onap" /> - <property name="debugDir" value="/var/log/onap" /> - - <property name="componentName" value="esr"></property> - <property name="subComponentName" value="esr-server"></property> +<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}"> + + <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/> + <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/> + + <property name="logDir" value="{{ .Values.log.logDir }}" /> + <property name="queueSize" value="{{ .Values.log.queueSize }}"/> + + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> + <property name="p_lvl" value="%level"/> + <property name="p_log" value="%logger"/> + <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> + <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> + <property name="p_thr" value="%thread"/> + <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> <property name="errorLogName" value="error" /> <property name="metricsLogName" value="metrics" /> <property name="auditLogName" value="audit" /> <property name="debugLogName" value="debug" /> - <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - + <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> + <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + + <!-- Console (human-readable) logging --> + <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/> <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> @@ -57,7 +60,7 @@ </appender> <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFAudit" /> </appender> @@ -73,7 +76,7 @@ </appender> <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFMetrics"/> </appender> @@ -93,16 +96,16 @@ </appender> <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFError"/> </appender> <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${debugLogDirectory}/${debugLogName}.log</file> + <file>${logDirectory}/${debugLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern> + <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern> </rollingPolicy> <encoder> <pattern>${debugPattern}</pattern> @@ -110,11 +113,17 @@ </appender> <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> + <queueSize>${queueSize}</queueSize> <appender-ref ref="EELFDebug" /> <includeCallerData>true</includeCallerData> </appender> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${consolePattern}</pattern> + </encoder> + </appender> + <logger name="com.att.eelf.audit" level="info" additivity="false"> <appender-ref ref="asyncEELFAudit" /> </logger> @@ -127,9 +136,9 @@ <appender-ref ref="asyncEELFError" /> </logger> - <root level="INFO"> + <root level="{{ .Values.log.root.level }}"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> -</configuration> - +</configuration>
\ No newline at end of file diff --git a/kubernetes/esr/charts/esr-server/templates/NOTES.txt b/kubernetes/esr/components/esr-server/templates/NOTES.txt index 5da4ade3a5..5da4ade3a5 100644 --- a/kubernetes/esr/charts/esr-server/templates/NOTES.txt +++ b/kubernetes/esr/components/esr-server/templates/NOTES.txt diff --git a/kubernetes/esr/charts/esr-server/templates/configmap.yaml b/kubernetes/esr/components/esr-server/templates/configmap.yaml index ddba37e8b3..6861a8bdf0 100644 --- a/kubernetes/esr/charts/esr-server/templates/configmap.yaml +++ b/kubernetes/esr/components/esr-server/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/esr/charts/esr-server/templates/deployment.yaml b/kubernetes/esr/components/esr-server/templates/deployment.yaml index 6a98fe6059..03bcaa09d4 100644 --- a/kubernetes/esr/charts/esr-server/templates/deployment.yaml +++ b/kubernetes/esr/components/esr-server/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -48,7 +50,7 @@ spec: - /opt/conf securityContext: privileged: true - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: create-conf-dir volumeMounts: @@ -57,7 +59,7 @@ spec: containers: - name: {{ .Chart.Name }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -101,7 +103,7 @@ spec: securityContext: runAsUser: 1000 runAsGroup: 1000 - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/esr/charts/esr-server/templates/service.yaml b/kubernetes/esr/components/esr-server/templates/service.yaml index f7413734a5..9fb6e93a7b 100644 --- a/kubernetes/esr/charts/esr-server/templates/service.yaml +++ b/kubernetes/esr/components/esr-server/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -50,4 +52,4 @@ spec: {{- end}} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file + release: {{ include "common.release" . }} diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/components/esr-server/values.yaml index f3f4f88ebf..a3fb6862a6 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/components/esr-server/values.yaml @@ -17,16 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 image: onap/aai/esr-server:1.5.2 pullPolicy: Always msbaddr: msb-iag.{{ include "common.namespace" . }}:443 @@ -65,6 +60,17 @@ service: ingress: enabled: false +log: + componentName: esr + subcomponentName: esr-server + debug: true + scan: + enabled: false + logDir: /var/log/onap + queueSize: 256 + root: + level: INFO + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/esr/requirements.yaml b/kubernetes/esr/requirements.yaml index d3c442d32e..8c2a82dedc 100644 --- a/kubernetes/esr/requirements.yaml +++ b/kubernetes/esr/requirements.yaml @@ -14,9 +14,10 @@ # limitations under the License. dependencies: - - name: common + - name: esr-gui version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' + repository: 'file://components/esr-gui' + condition: esr-gui.enabled + - name: esr-server + version: ~6.x-0 + repository: 'file://components/esr-server' diff --git a/kubernetes/esr/resources/config/log/esrserver/logback.xml b/kubernetes/esr/resources/config/log/esrserver/logback.xml deleted file mode 100644 index b9a51f1d0a..0000000000 --- a/kubernetes/esr/resources/config/log/esrserver/logback.xml +++ /dev/null @@ -1,44 +0,0 @@ -<?xml version = "1.0" encoding = "UTF-8" ?> -<!-- -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="esr" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pap-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/esr/values.yaml b/kubernetes/esr/values.yaml index bd123583c6..5b2f776dfe 100644 --- a/kubernetes/esr/values.yaml +++ b/kubernetes/esr/values.yaml @@ -16,11 +16,11 @@ ################################################################# # Global configuration defaults. ################################################################# -global: - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 # application configuration config: logstashServiceName: log-ls - logstashPort: 5044
\ No newline at end of file + logstashPort: 5044 + +esr-gui: + enabled: true
\ No newline at end of file diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index bb98a3b95e..40338b9485 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -98,7 +98,12 @@ deploy() { FLAGS=${@:3} CHART_REPO="$(cut -d'/' -f1 <<<"$CHART_URL")" CHART_NAME="$(cut -d'/' -f2 <<<"$CHART_URL")" - CACHE_DIR=~/.helm/plugins/deploy/cache + if [[ $HELM_VER == "v3."* ]]; then + CACHE_DIR=~/.local/share/helm/plugins/deploy/cache + else + CACHE_DIR=~/.helm/plugins/deploy/cache + fi + echo "Use cache dir: $CACHE_DIR" CHART_DIR=$CACHE_DIR/$CHART_NAME CACHE_SUBCHART_DIR=$CHART_DIR-subcharts LOG_DIR=$CHART_DIR/logs @@ -114,7 +119,7 @@ deploy() { if [[ $FLAGS = *"--delay"* ]]; then FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')" DELAY="true" - fi + fi # determine if set-last-applied flag is enabled SET_LAST_APPLIED="false" if [[ $FLAGS = *"--set-last-applied"* ]]; then @@ -246,12 +251,16 @@ deploy() { if [[ $DELAY == "true" ]]; then echo sleep 3m sleep 3m - fi + fi else array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) n=${#array[*]} for (( i = n-1; i >= 0; i-- )); do - helm del "${array[i]}" --purge + if [[ $HELM_VER == "v3."* ]]; then + helm del "${array[i]}" + else + helm del "${array[i]}" --purge + fi done fi done @@ -259,6 +268,8 @@ deploy() { # report on success/failures of installs/upgrades helm ls | grep FAILED | grep $RELEASE } +HELM_VER=$(helm version --template "{{.Version}}") +echo $HELM_VER case "${1:-"help"}" in "help") diff --git a/kubernetes/helm/starters/onap-app/requirements.yaml b/kubernetes/helm/starters/onap-app/requirements.yaml index 6a61926e9e..b8e59b0910 100644 --- a/kubernetes/helm/starters/onap-app/requirements.yaml +++ b/kubernetes/helm/starters/onap-app/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/helm/starters/onap-app/templates/deployment.yaml b/kubernetes/helm/starters/onap-app/templates/deployment.yaml index c3979dc272..fc76c1ff6d 100644 --- a/kubernetes/helm/starters/onap-app/templates/deployment.yaml +++ b/kubernetes/helm/starters/onap-app/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: initContainers: #Example init container for dependency checking # - command: -# - /root/ready.py +# - /app/ready.py # args: # - --container-name # - mariadb @@ -43,12 +43,12 @@ spec: # fieldRef: # apiVersion: v1 # fieldPath: metadata.namespace -# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" +# image: {{ include "repositoryGenerator.image.readiness" . }} # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/helm/starters/onap-app/values.yaml b/kubernetes/helm/starters/onap-app/values.yaml index 6c119b9bcd..702bfb2a73 100644 --- a/kubernetes/helm/starters/onap-app/values.yaml +++ b/kubernetes/helm/starters/onap-app/values.yaml @@ -17,17 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: <onap-app>:<1.2-STAGING-latest> pullPolicy: Always diff --git a/kubernetes/log/Makefile b/kubernetes/log/Makefile new file mode 100644 index 0000000000..89b2f465ec --- /dev/null +++ b/kubernetes/log/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/log/charts/log-kibana/requirements.yaml b/kubernetes/log/charts/log-kibana/requirements.yaml deleted file mode 100644 index caff1e5dc4..0000000000 --- a/kubernetes/log/charts/log-kibana/requirements.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/log/charts/log-logstash/requirements.yaml b/kubernetes/log/charts/log-logstash/requirements.yaml deleted file mode 100644 index caff1e5dc4..0000000000 --- a/kubernetes/log/charts/log-logstash/requirements.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/log/components/Makefile b/kubernetes/log/components/Makefile new file mode 100644 index 0000000000..d62cb0b700 --- /dev/null +++ b/kubernetes/log/components/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/log/charts/log-elasticsearch/Chart.yaml b/kubernetes/log/components/log-elasticsearch/Chart.yaml index 66b0257e35..66b0257e35 100644 --- a/kubernetes/log/charts/log-elasticsearch/Chart.yaml +++ b/kubernetes/log/components/log-elasticsearch/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml b/kubernetes/log/components/log-elasticsearch/requirements.yaml index caff1e5dc4..bdc19209e7 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml +++ b/kubernetes/log/components/log-elasticsearch/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/log/charts/log-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/log/components/log-elasticsearch/resources/config/elasticsearch.yml index d39fc97e0d..d39fc97e0d 100644 --- a/kubernetes/log/charts/log-elasticsearch/resources/config/elasticsearch.yml +++ b/kubernetes/log/components/log-elasticsearch/resources/config/elasticsearch.yml diff --git a/kubernetes/log/charts/log-elasticsearch/templates/NOTES.txt b/kubernetes/log/components/log-elasticsearch/templates/NOTES.txt index ab908cd309..ab908cd309 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/NOTES.txt +++ b/kubernetes/log/components/log-elasticsearch/templates/NOTES.txt diff --git a/kubernetes/log/charts/log-elasticsearch/templates/configmap.yaml b/kubernetes/log/components/log-elasticsearch/templates/configmap.yaml index 20ff6f27c2..fe0349ede9 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/configmap.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/log/charts/log-elasticsearch/templates/deployment.yaml b/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml index 2f9854fa34..6a0e6d2e3d 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/deployment.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -49,7 +51,7 @@ spec: fieldPath: metadata.namespace securityContext: privileged: true - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: init-sysctl volumeMounts: @@ -57,7 +59,7 @@ spec: mountPath: /logroot/ containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml b/kubernetes/log/components/log-elasticsearch/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/ingress.yaml diff --git a/kubernetes/log/charts/log-elasticsearch/templates/pv.yaml b/kubernetes/log/components/log-elasticsearch/templates/pv.yaml index 9d4093db11..9d4093db11 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/pv.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/pv.yaml diff --git a/kubernetes/log/charts/log-elasticsearch/templates/pvc.yaml b/kubernetes/log/components/log-elasticsearch/templates/pvc.yaml index 6ae4eea0d3..6ae4eea0d3 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/pvc.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/pvc.yaml diff --git a/kubernetes/log/charts/log-elasticsearch/templates/service.yaml b/kubernetes/log/components/log-elasticsearch/templates/service.yaml index d02f535958..7736f0c9d7 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/service.yaml +++ b/kubernetes/log/components/log-elasticsearch/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/log/charts/log-elasticsearch/values.yaml b/kubernetes/log/components/log-elasticsearch/values.yaml index d43a66afe1..7919a0948e 100644 --- a/kubernetes/log/charts/log-elasticsearch/values.yaml +++ b/kubernetes/log/components/log-elasticsearch/values.yaml @@ -24,12 +24,7 @@ global: # Application configuration defaults. ################################################################# -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - # application image -loggingRepository: docker.elastic.co image: elasticsearch/elasticsearch:5.5.0 pullPolicy: Always diff --git a/kubernetes/log/charts/log-kibana/Chart.yaml b/kubernetes/log/components/log-kibana/Chart.yaml index 8f5d973177..8f5d973177 100644 --- a/kubernetes/log/charts/log-kibana/Chart.yaml +++ b/kubernetes/log/components/log-kibana/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml b/kubernetes/log/components/log-kibana/requirements.yaml index caff1e5dc4..bdc19209e7 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml +++ b/kubernetes/log/components/log-kibana/requirements.yaml @@ -17,3 +17,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/log/charts/log-kibana/resources/config/README.txt b/kubernetes/log/components/log-kibana/resources/config/README.txt index 2863c1d5e5..2863c1d5e5 100644 --- a/kubernetes/log/charts/log-kibana/resources/config/README.txt +++ b/kubernetes/log/components/log-kibana/resources/config/README.txt diff --git a/kubernetes/log/charts/log-kibana/resources/config/kibana-onboarding.json b/kubernetes/log/components/log-kibana/resources/config/kibana-onboarding.json index e69de29bb2..e69de29bb2 100644 --- a/kubernetes/log/charts/log-kibana/resources/config/kibana-onboarding.json +++ b/kubernetes/log/components/log-kibana/resources/config/kibana-onboarding.json diff --git a/kubernetes/log/charts/log-kibana/resources/config/kibana.yml b/kubernetes/log/components/log-kibana/resources/config/kibana.yml index c086cf8452..377f3c7b65 100644 --- a/kubernetes/log/charts/log-kibana/resources/config/kibana.yml +++ b/kubernetes/log/components/log-kibana/resources/config/kibana.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} xpack.graph.enabled: false #Set to false to disable X-Pack graph features. xpack.ml.enabled: false diff --git a/kubernetes/log/charts/log-kibana/templates/NOTES.txt b/kubernetes/log/components/log-kibana/templates/NOTES.txt index f115eb6f23..f115eb6f23 100644 --- a/kubernetes/log/charts/log-kibana/templates/NOTES.txt +++ b/kubernetes/log/components/log-kibana/templates/NOTES.txt diff --git a/kubernetes/log/charts/log-logstash/templates/configmap.yaml b/kubernetes/log/components/log-kibana/templates/configmap.yaml index 4278a6e6d3..3e98246df1 100644 --- a/kubernetes/log/charts/log-logstash/templates/configmap.yaml +++ b/kubernetes/log/components/log-kibana/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/log/charts/log-kibana/templates/deployment.yaml b/kubernetes/log/components/log-kibana/templates/deployment.yaml index 89fc5ce881..a1824d2509 100644 --- a/kubernetes/log/charts/log-kibana/templates/deployment.yaml +++ b/kubernetes/log/components/log-kibana/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -33,7 +35,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - log-elasticsearch @@ -43,7 +45,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - args: @@ -55,7 +57,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.elasticdumpRepository }}/{{ .Values.elasticdumpImage }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.elasticdumpImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-elasticdump volumeMounts: @@ -64,7 +66,7 @@ spec: subPath: kibana-onboarding.json containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} diff --git a/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml b/kubernetes/log/components/log-kibana/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/log/charts/log-elasticsearch/templates/ingress.yaml +++ b/kubernetes/log/components/log-kibana/templates/ingress.yaml diff --git a/kubernetes/log/charts/log-kibana/templates/service.yaml b/kubernetes/log/components/log-kibana/templates/service.yaml index 397ecdb2af..c53dc03368 100644 --- a/kubernetes/log/charts/log-kibana/templates/service.yaml +++ b/kubernetes/log/components/log-kibana/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/log/charts/log-kibana/values.yaml b/kubernetes/log/components/log-kibana/values.yaml index 8d4b49e20f..767ea6ae99 100644 --- a/kubernetes/log/charts/log-kibana/values.yaml +++ b/kubernetes/log/components/log-kibana/values.yaml @@ -18,8 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 persistence: {} ################################################################# @@ -27,15 +25,9 @@ global: ################################################################# # Elasticdump image -elasticdumpRepository: docker.io elasticdumpImage: taskrabbit/elasticsearch-dump -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - # application image -loggingRepository: docker.elastic.co image: kibana/kibana:5.5.0 pullPolicy: Always diff --git a/kubernetes/log/charts/log-logstash/Chart.yaml b/kubernetes/log/components/log-logstash/Chart.yaml index 8349548f86..8349548f86 100644 --- a/kubernetes/log/charts/log-logstash/Chart.yaml +++ b/kubernetes/log/components/log-logstash/Chart.yaml diff --git a/kubernetes/log/components/log-logstash/requirements.yaml b/kubernetes/log/components/log-logstash/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/log/components/log-logstash/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/log/charts/log-logstash/resources/config/logstash.yml b/kubernetes/log/components/log-logstash/resources/config/logstash.yml index d19656dfb3..7c3bd8f851 100644 --- a/kubernetes/log/charts/log-logstash/resources/config/logstash.yml +++ b/kubernetes/log/components/log-logstash/resources/config/logstash.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} http.host: "0.0.0.0" pipeline.workers: 3 ## Path where pipeline configurations reside diff --git a/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf b/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf index ae86385e2e..d6b0696b81 100644 --- a/kubernetes/log/charts/log-logstash/resources/config/onap-pipeline.conf +++ b/kubernetes/log/components/log-logstash/resources/config/onap-pipeline.conf @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} input { beats { diff --git a/kubernetes/log/charts/log-logstash/templates/NOTES.txt b/kubernetes/log/components/log-logstash/templates/NOTES.txt index f115eb6f23..f115eb6f23 100644 --- a/kubernetes/log/charts/log-logstash/templates/NOTES.txt +++ b/kubernetes/log/components/log-logstash/templates/NOTES.txt diff --git a/kubernetes/log/charts/log-kibana/templates/configmap.yaml b/kubernetes/log/components/log-logstash/templates/configmap.yaml index 4278a6e6d3..3e98246df1 100644 --- a/kubernetes/log/charts/log-kibana/templates/configmap.yaml +++ b/kubernetes/log/components/log-logstash/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/log/charts/log-logstash/templates/deployment.yaml b/kubernetes/log/components/log-logstash/templates/deployment.yaml index 156037bd29..566c7a3b10 100644 --- a/kubernetes/log/charts/log-logstash/templates/deployment.yaml +++ b/kubernetes/log/components/log-logstash/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -33,7 +35,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - log-elasticsearch @@ -43,12 +45,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository| default .Values.loggingRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} diff --git a/kubernetes/log/charts/log-kibana/templates/ingress.yaml b/kubernetes/log/components/log-logstash/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/log/charts/log-kibana/templates/ingress.yaml +++ b/kubernetes/log/components/log-logstash/templates/ingress.yaml diff --git a/kubernetes/log/charts/log-logstash/templates/service.yaml b/kubernetes/log/components/log-logstash/templates/service.yaml index d02f535958..7736f0c9d7 100644 --- a/kubernetes/log/charts/log-logstash/templates/service.yaml +++ b/kubernetes/log/components/log-logstash/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/log/charts/log-logstash/values.yaml b/kubernetes/log/components/log-logstash/values.yaml index a6e6c966ab..7a0674cdf5 100644 --- a/kubernetes/log/charts/log-logstash/values.yaml +++ b/kubernetes/log/components/log-logstash/values.yaml @@ -18,8 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 persistence: {} ################################################################# @@ -27,7 +25,6 @@ global: ################################################################# # application image -loggingRepository: docker.elastic.co image: logstash/logstash:5.4.3 pullPolicy: Always diff --git a/kubernetes/log/requirements.yaml b/kubernetes/log/requirements.yaml index a7089ea6b3..ae81fc8441 100644 --- a/kubernetes/log/requirements.yaml +++ b/kubernetes/log/requirements.yaml @@ -16,3 +16,16 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: log-elasticsearch + version: ~6.x-0 + repository: 'file://components/log-elasticsearch' + - name: log-kibana + version: ~6.x-0 + repository: 'file://components/log-kibana' + - name: log-logstash + version: ~6.x-0 + repository: 'file://components/log-logstash' + diff --git a/kubernetes/log/values.yaml b/kubernetes/log/values.yaml index 817baa476d..ddcf5235cd 100644 --- a/kubernetes/log/values.yaml +++ b/kubernetes/log/values.yaml @@ -18,4 +18,3 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s diff --git a/kubernetes/modeling/Makefile b/kubernetes/modeling/Makefile index 82f7cf43d0..4c79718d02 100644 --- a/kubernetes/modeling/Makefile +++ b/kubernetes/modeling/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electrinics +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,10 +12,40 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-modeling: make-modeling-etsicatalog +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) -make-modeling-etsicatalog: - cd charts && helm dep up modeling-etsicatalog && helm lint modeling-etsicatalog clean: - @find . -type f -name '*.tgz' -delete - @find . -type f -name '*.lock' -delete + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/modeling/components/Makefile b/kubernetes/modeling/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/modeling/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/esr/charts/esr-gui/.helmignore b/kubernetes/modeling/components/modeling-etsicatalog/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/esr/charts/esr-gui/.helmignore +++ b/kubernetes/modeling/components/modeling-etsicatalog/.helmignore diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/Chart.yaml b/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml index c167da1770..c167da1770 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/Chart.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml diff --git a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml new file mode 100644 index 0000000000..cadf452100 --- /dev/null +++ b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml @@ -0,0 +1,32 @@ +# Copyright © 2020 Samung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: mariadb-galera + version: ~6.x-0 + repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/modeling/resources/config/logging/filebeat/filebeat.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/filebeat/filebeat.yml index 0bc14ea908..0bc14ea908 100644 --- a/kubernetes/modeling/resources/config/logging/filebeat/filebeat.yml +++ b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/filebeat/filebeat.yml diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/resources/config/logging/log.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/server/log.yml index 5ac5fefe92..5ac5fefe92 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/resources/config/logging/log.yml +++ b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/server/log.yml diff --git a/kubernetes/policy/charts/pdp/templates/configmap.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml index 79c4d38c68..1a2112bbe2 100644 --- a/kubernetes/policy/charts/pdp/templates/configmap.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml @@ -1,5 +1,5 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,19 +12,20 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-log-configmap + name: {{ include "common.fullname" . }}-logging-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/logging/server/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-pe-configmap + name: {{ include "common.fullname" . }}-modeling-filebeat-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml index d3ca0416dc..1a303ff7aa 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,24 +39,25 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - modeling-mariadb + - -j + - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + name: {{ include "common.name" . }}-job-readiness + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }} - command: - /bin/sh - -c - chown -R 1000:1000 /service/modeling/etsicatalog/static - image: "{{ include "common.repository" . }}/{{ .Values.initImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-init volumeMounts: @@ -62,12 +65,7 @@ spec: mountPath: /service/modeling/etsicatalog/static containers: - name: {{ include "common.name" . }} - command: - - bash - args: - - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -86,16 +84,26 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbProtocol }}" - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "{{ .Values.config.ssl_enabled }}" + - name: MSB_ENABLED + value: "{{ .Values.config.msb_enabled }}" - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: MYSQL_ADDR - value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} + value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}" + - name: SDC_ADDR + value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}" + - name: DMAAP_ENABLED + value: "{{ .Values.config.dmaap_enabled }}" + - name: DMAAP_ADDR + value: "{{ .Values.config.dmaapProtocol }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}" + - name: DB_IP + value: "{{ include "common.mariadbService" . }}" + - name: DB_PORT + value: "{{ include "common.mariadbPort" . }}" + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }} + - name: DB_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }} volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static @@ -120,7 +128,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf @@ -150,7 +158,7 @@ spec: - name: {{ include "common.fullname" . }}-filebeat-conf configMap: - name: {{ include "common.release" . }}-modeling-filebeat-configmap + name: {{ include "common.fullname" . }}-modeling-filebeat-configmap - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} imagePullSecrets: diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pv.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml index d672025068..d672025068 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pv.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pvc.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml index e04a0b3ed3..e04a0b3ed3 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/pvc.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml new file mode 100644 index 0000000000..8bfebf1679 --- /dev/null +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml @@ -0,0 +1,16 @@ +{{/*# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml index 61aefa570c..f424cc644e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -30,7 +32,7 @@ metadata: "url": "/api/parser/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -39,7 +41,7 @@ metadata: "url": "/api/catalog/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -48,7 +50,7 @@ metadata: "url": "/api/nsd/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" }, { @@ -57,7 +59,7 @@ metadata: "url": "/api/vnfpkgm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "enable_ssl": {{ .Values.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 01747957e3..6c1cae2687 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -17,34 +17,44 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - - config: - ssl_enabled: false - msbProtocol: https - msbServiceName: msb-iag - msbPort: 443 persistence: mountPath: /dockerdata-nfs + mariadbGalera: + #This flag allows Modeling to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +readinessCheck: + wait_for: + msb: + name: msb + containers: + - msb-iag + ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' - type: password + - uid: modeling-db-secret + name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' ################################################################# # Dependencies configuration ################################################################# mariadb-galera: - nameOverride: modeling-mariadb + config: &mariadbConfig + userCredentialsExternalSecret: *dbSecretName + mysqlDatabase: etsicatalog + nameOverride: modeling-db service: name: modeling-db portName: modeling-db @@ -55,15 +65,39 @@ mariadb-galera: enabled: true disableNfsProvisioner: true +mariadb-init: + config: *mariadbConfig + # nameOverride should be the same with common.name + nameOverride: modeling-etsicatalog + ################################################################# # Application configuration defaults. ################################################################# +config: + #application configuration about msb + ssl_enabled: false + msb_enabled: false + msbProtocol: https + msbServiceName: msb-iag + msbPort: 443 + sdcProtocol: https + sdcServiceName: sdc-be + sdcPort: 8443 + dmaap_enabled: false + dmaapProtocol: https + dmaapServiceName: message-router-external + dmaapPort: 3905 + + #application configuration user password about mariadb + db: + userName: etsicatalog + # userPassword: password + # userCredentialsExternalSecret: some-secret + # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.6 -initImage: busybox:latest +image: onap/modeling/etsicatalog:1.0.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/modeling/requirements.yaml b/kubernetes/modeling/requirements.yaml index f99477141f..ada1ded2c4 100644 --- a/kubernetes/modeling/requirements.yaml +++ b/kubernetes/modeling/requirements.yaml @@ -13,6 +13,6 @@ # limitations under the License. dependencies: - - name: common + - name: modeling-etsicatalog version: ~6.x-0 - repository: '@local' + repository: 'file://components/modeling-etsicatalog' diff --git a/kubernetes/modeling/templates/configmap.yaml b/kubernetes/modeling/templates/configmap.yaml deleted file mode 100644 index 02d5d9639c..0000000000 --- a/kubernetes/modeling/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-modeling-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/msb/charts/kube2msb/templates/deployment.yaml b/kubernetes/msb/charts/kube2msb/templates/deployment.yaml index 71e709f5e5..3d0dcd63ba 100644 --- a/kubernetes/msb/charts/kube2msb/templates/deployment.yaml +++ b/kubernetes/msb/charts/kube2msb/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,7 +39,7 @@ spec: serviceAccountName: msb initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - msb-discovery @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml index 556931d07e..3c67227873 100644 --- a/kubernetes/msb/charts/kube2msb/values.yaml +++ b/kubernetes/msb/charts/kube2msb/values.yaml @@ -16,8 +16,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. diff --git a/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh new file mode 100755 index 0000000000..0cd46167e4 --- /dev/null +++ b/kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh @@ -0,0 +1,100 @@ +#!/usr/bin/dumb-init /bin/sh +set -e +set -x + +# Note above that we run dumb-init as PID 1 in order to reap zombie processes +# as well as forward signals to all processes in its session. Normally, sh +# wouldn't do either of these functions so we'd leak zombies as well as do +# unclean termination of all our sub-processes. +# As of docker 1.13, using docker run --init achieves the same outcome. + +# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to +# bind to and this will look up the IP and pass the proper -bind= option along +# to Consul. +CONSUL_BIND= +if [ -n "$CONSUL_BIND_INTERFACE" ]; then + CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1) + if [ -z "$CONSUL_BIND_ADDRESS" ]; then + echo "Could not find IP for interface '$CONSUL_BIND_INTERFACE', exiting" + exit 1 + fi + + CONSUL_BIND="-bind=$CONSUL_BIND_ADDRESS" + echo "==> Found address '$CONSUL_BIND_ADDRESS' for interface '$CONSUL_BIND_INTERFACE', setting bind option..." +fi + +# You can set CONSUL_CLIENT_INTERFACE to the name of the interface you'd like to +# bind client intefaces (HTTP, DNS, and RPC) to and this will look up the IP and +# pass the proper -client= option along to Consul. +CONSUL_CLIENT= +if [ -n "$CONSUL_CLIENT_INTERFACE" ]; then + CONSUL_CLIENT_ADDRESS=$(ip -o -4 addr list $CONSUL_CLIENT_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1) + if [ -z "$CONSUL_CLIENT_ADDRESS" ]; then + echo "Could not find IP for interface '$CONSUL_CLIENT_INTERFACE', exiting" + exit 1 + fi + + CONSUL_CLIENT="-client=$CONSUL_CLIENT_ADDRESS" + echo "==> Found address '$CONSUL_CLIENT_ADDRESS' for interface '$CONSUL_CLIENT_INTERFACE', setting client option..." +fi + +# CONSUL_DATA_DIR is exposed as a volume for possible persistent storage. The +# CONSUL_CONFIG_DIR isn't exposed as a volume but you can compose additional +# config files in there if you use this image as a base, or use CONSUL_LOCAL_CONFIG +# below. +CONSUL_DATA_DIR=/consul/data +CONSUL_CONFIG_DIR=/consul/config + +# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some +# Consul configuration JSON without having to bind any volumes. +if [ -n "$CONSUL_LOCAL_CONFIG" ]; then + echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json" +fi + +# If the user is trying to run Consul directly with some arguments, then +# pass them to Consul. +if [ "${1:0:1}" = '-' ]; then + set -- consul "$@" +fi + +# Look for Consul subcommands. +if [ "$1" = 'agent' ]; then + shift + set -- consul agent \ + -data-dir="$CONSUL_DATA_DIR" \ + -config-dir="$CONSUL_CONFIG_DIR" \ + $CONSUL_BIND \ + $CONSUL_CLIENT \ + "$@" +elif [ "$1" = 'version' ]; then + # This needs a special case because there's no help output. + set -- consul "$@" +elif consul --help "$1" 2>&1 | grep -q "consul $1"; then + # We can't use the return code to check for the existence of a subcommand, so + # we have to use grep to look for a pattern in the help output. + set -- consul "$@" +fi + +# If we are running Consul, make sure it executes as the proper user. +if [ "$1" = 'consul' ]; then + # If the data or config dirs are bind mounted then chown them. + # Note: This checks for root ownership as that's the most common case. + if [ "$(stat -c %u /consul/data)" != "$(id -u consul)" ]; then + chown consul:consul /consul/data + fi + if [ "$(stat -c %u /consul/config)" != "$(id -u consul)" ]; then + chown consul:consul /consul/config + fi + + # If requested, set the capability to bind to privileged ports before + # we drop to the non-root user. Note that this doesn't work with all + # storage drivers (it won't work with AUFS). + if [ ! -z ${CONSUL_ALLOW_PRIVILEGED_PORTS+x} ]; then + setcap "cap_net_bind_service=+ep" /bin/consul + fi + +# Instead of using this we run our pod as a non-root user. +# set -- su-exec consul:consul "$@" +fi + +exec "$@" diff --git a/kubernetes/msb/charts/msb-consul/templates/configmap.yaml b/kubernetes/msb/charts/msb-consul/templates/configmap.yaml new file mode 100644 index 0000000000..32adcaec5f --- /dev/null +++ b/kubernetes/msb/charts/msb-consul/templates/configmap.yaml @@ -0,0 +1,27 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/charts/msb-consul/templates/deployment.yaml b/kubernetes/msb/charts/msb-consul/templates/deployment.yaml index 985ab4e8af..c7472cca72 100644 --- a/kubernetes/msb/charts/msb-consul/templates/deployment.yaml +++ b/kubernetes/msb/charts/msb-consul/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -39,6 +41,16 @@ spec: - name: {{ include "common.name" . }} image: "{{ .Values.global.dockerHubRepository | default .Values.dockerHubRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + command: + - docker-entrypoint.sh + args: + - "agent" + - "-dev" + - "-client" + - "0.0.0.0" ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -60,6 +72,9 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /usr/local/bin/docker-entrypoint.sh + name: entrypoint + subPath: docker-entrypoint.sh resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -74,5 +89,9 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0777 imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/msb/charts/msb-consul/templates/service.yaml b/kubernetes/msb/charts/msb-consul/templates/service.yaml index 787c68e226..af735b6e74 100644 --- a/kubernetes/msb/charts/msb-consul/templates/service.yaml +++ b/kubernetes/msb/charts/msb-consul/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/msb/charts/msb-consul/values.yaml b/kubernetes/msb/charts/msb-consul/values.yaml index d11649754f..4704f3b24d 100644 --- a/kubernetes/msb/charts/msb-consul/values.yaml +++ b/kubernetes/msb/charts/msb-consul/values.yaml @@ -21,7 +21,7 @@ global: # Application configuration defaults. ################################################################# # application image -dockerHubRepository: registry.hub.docker.com +dockerHubRepository: docker.io image: library/consul:1.4.3 pullPolicy: Always istioSidecar: true @@ -83,3 +83,8 @@ resources: cpu: 20m memory: 100Mi unlimited: {} + +securityContext: + fsGroup: 1000 + runAsUser: 100 + runAsGroup: 1000 diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml index af0b2b975c..3781d96328 100644 --- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml b/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml index b047550856..33c77e5eae 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml +++ b/kubernetes/msb/charts/msb-discovery/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml b/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml index b43cb00df4..bcb9da55a1 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml +++ b/kubernetes/msb/charts/msb-discovery/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,7 +39,7 @@ spec: serviceAccountName: msb initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - msb-consul @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/msb/charts/msb-discovery/templates/service.yaml b/kubernetes/msb/charts/msb-discovery/templates/service.yaml index 787c68e226..af735b6e74 100644 --- a/kubernetes/msb/charts/msb-discovery/templates/service.yaml +++ b/kubernetes/msb/charts/msb-discovery/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/charts/msb-discovery/values.yaml index 9f8f061d8e..4ac27a8f9d 100644 --- a/kubernetes/msb/charts/msb-discovery/values.yaml +++ b/kubernetes/msb/charts/msb-discovery/values.yaml @@ -16,8 +16,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml index 49d5e64896..6dc4443d6e 100644 --- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-eag/templates/configmap.yaml b/kubernetes/msb/charts/msb-eag/templates/configmap.yaml index b047550856..33c77e5eae 100644 --- a/kubernetes/msb/charts/msb-eag/templates/configmap.yaml +++ b/kubernetes/msb/charts/msb-eag/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/msb/charts/msb-eag/templates/deployment.yaml b/kubernetes/msb/charts/msb-eag/templates/deployment.yaml index d3f4503093..8ce19fb304 100644 --- a/kubernetes/msb/charts/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/charts/msb-eag/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,7 +39,7 @@ spec: serviceAccountName: msb initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - msb-discovery @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/msb/charts/msb-eag/templates/service.yaml b/kubernetes/msb/charts/msb-eag/templates/service.yaml index ad2addf267..e8e3a8a947 100644 --- a/kubernetes/msb/charts/msb-eag/templates/service.yaml +++ b/kubernetes/msb/charts/msb-eag/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml index 60c197327e..f63964cd15 100644 --- a/kubernetes/msb/charts/msb-eag/values.yaml +++ b/kubernetes/msb/charts/msb-eag/values.yaml @@ -16,8 +16,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml index bceefc500c..65ff43485a 100644 --- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml @@ -41,6 +41,12 @@ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> @@ -125,6 +131,7 @@ <root level="INFO"> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/msb/charts/msb-iag/templates/configmap.yaml b/kubernetes/msb/charts/msb-iag/templates/configmap.yaml index b047550856..33c77e5eae 100644 --- a/kubernetes/msb/charts/msb-iag/templates/configmap.yaml +++ b/kubernetes/msb/charts/msb-iag/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/msb/charts/msb-iag/templates/deployment.yaml b/kubernetes/msb/charts/msb-iag/templates/deployment.yaml index d8838211dc..42f36cd279 100644 --- a/kubernetes/msb/charts/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/charts/msb-iag/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,7 +39,7 @@ spec: serviceAccountName: msb initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - msb-discovery @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/msb/charts/msb-iag/templates/service.yaml b/kubernetes/msb/charts/msb-iag/templates/service.yaml index ad2addf267..e8e3a8a947 100644 --- a/kubernetes/msb/charts/msb-iag/templates/service.yaml +++ b/kubernetes/msb/charts/msb-iag/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml index a927816492..b1f19c9448 100644 --- a/kubernetes/msb/charts/msb-iag/values.yaml +++ b/kubernetes/msb/charts/msb-iag/values.yaml @@ -16,8 +16,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. diff --git a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml b/kubernetes/msb/resources/config/log/filebeat/filebeat.yml index d4fb35bc61..2ba652719f 100644 --- a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/msb/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/msb/templates/configmap.yaml b/kubernetes/msb/templates/configmap.yaml index e71397b936..52714297fb 100644 --- a/kubernetes/msb/templates/configmap.yaml +++ b/kubernetes/msb/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/msb/templates/serviceaccout.yaml b/kubernetes/msb/templates/serviceaccout.yaml index c1e1a33174..ae1886239a 100644 --- a/kubernetes/msb/templates/serviceaccout.yaml +++ b/kubernetes/msb/templates/serviceaccout.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/kubernetes/multicloud/Makefile b/kubernetes/multicloud/Makefile index fde29904c7..4c79718d02 100644 --- a/kubernetes/multicloud/Makefile +++ b/kubernetes/multicloud/Makefile @@ -1,4 +1,4 @@ -# Copyright 2019 Intel Corporation, Inc +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,40 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-multicloud: make-multicloud-k8s +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets -make-multicloud-k8s: - cd charts && helm dep up multicloud-k8s && helm lint multicloud-k8s +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml deleted file mode 100644 index 0f0b59fa18..0000000000 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.prometheus.enabled -}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml deleted file mode 100644 index 83e05bf868..0000000000 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.prometheus.enabled -}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} - -{{- end -}} diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml deleted file mode 100644 index 80e9a97f3b..0000000000 --- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -{{/* -# Copyright (c) 2019 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - name: {{ include "common.name" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - containers: - - env: - - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} - - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" - - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} - - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" - - name: AAI_SCHEMA_VERSION - value: "{{ .Values.config.aai.schemaVersion }}" - - name: AAI_USERNAME - value: "{{ .Values.config.aai.username }}" - - name: AAI_PASSWORD - value: "{{ .Values.config.aai.password }}" - - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" - name: {{ include "common.name" . }} - volumeMounts: - - mountPath: /var/log/onap - name: starlingx-log - - mountPath: /opt/starlingx/starlingx/pub/config/log.yml - name: starlingx-logconfig - subPath: log.yml - - mountPath: /opt/artifacts/ - name: artifact-data - resources: -{{ include "common.resources" . | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/multicloud-starlingx/v0/swagger.json - port: {{ .Values.service.internalPort }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end }} - # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: starlingx-log - - mountPath: /usr/share/filebeat/data - name: starlingx-data-filebeat - - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}" - name: framework-artifactbroker - command: ["/opt/app/distribution/bin/artifact-dist.sh"] - args: ["/opt/app/distribution/etc/mounted/config.json"] - ports: - - containerPort: 9014 - protocol: TCP - volumeMounts: - - mountPath: /opt/app/distribution/etc/mounted/config.json - name: starlingx-logconfig - subPath: config.json - - mountPath: /data - name: artifact-data - - volumes: - - name: starlingx-log - emptyDir: {} - - name: starlingx-data-filebeat - emptyDir: {} - - name: filebeat-conf - configMap: - name: multicloud-filebeat-configmap - - name: starlingx-logconfig - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: artifact-data - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml deleted file mode 100644 index b6773a5a6a..0000000000 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml +++ /dev/null @@ -1,145 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - name: {{ include "common.name" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: ["sh", "-c", "chown -R 100:101 /data"] - image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-init - volumeMounts: - - mountPath: /data - name: artifact-data - containers: - - env: - - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} - - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" - - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} - - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" - - name: AAI_SCHEMA_VERSION - value: "{{ .Values.config.aai.schemaVersion }}" - - name: AAI_USERNAME - value: "{{ .Values.config.aai.username }}" - - name: AAI_PASSWORD - value: "{{ .Values.config.aai.password }}" - - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" - name: {{ include "common.name" . }} - volumeMounts: - - mountPath: /var/log/onap - name: windriver-log - - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml - name: windriver-logconfig - subPath: log.yml - - mountPath: /opt/artifacts/ - name: artifact-data - resources: -{{ include "common.resources" . | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/multicloud-titaniumcloud/v1/swagger.json - port: {{ .Values.service.internalPort }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end }} - # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: windriver-log - - mountPath: /usr/share/filebeat/data - name: windriver-data-filebeat - - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}" - name: framework-artifactbroker - command: ["/opt/app/distribution/bin/artifact-dist.sh"] - args: ["/opt/app/distribution/etc/mounted/config.json"] - ports: - - containerPort: 9014 - protocol: TCP - volumeMounts: - - mountPath: /opt/app/distribution/etc/mounted/config.json - name: windriver-logconfig - subPath: config.json - - mountPath: /data - name: artifact-data - - volumes: - - name: windriver-log - emptyDir: {} - - name: windriver-data-filebeat - emptyDir: {} - - name: filebeat-conf - configMap: - name: multicloud-filebeat-configmap - - name: windriver-logconfig - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: artifact-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - restartPolicy: Always diff --git a/kubernetes/multicloud/components/Makefile b/kubernetes/multicloud/components/Makefile new file mode 100644 index 0000000000..f2e7a1fb82 --- /dev/null +++ b/kubernetes/multicloud/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_BIN := helm +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/.helmignore b/kubernetes/multicloud/components/multicloud-azure/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/.helmignore +++ b/kubernetes/multicloud/components/multicloud-azure/.helmignore diff --git a/kubernetes/multicloud/charts/multicloud-azure/Chart.yaml b/kubernetes/multicloud/components/multicloud-azure/Chart.yaml index 578123c2a6..578123c2a6 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-azure/Chart.yaml diff --git a/kubernetes/multicloud/components/multicloud-azure/requirements.yaml b/kubernetes/multicloud/components/multicloud-azure/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-azure/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-azure/resources/config/log/log.yml index 5e29829cc2..d47a3581c2 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-azure/resources/config/log/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-azure/templates/NOTES.txt index befedf4578..befedf4578 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt +++ b/kubernetes/multicloud/components/multicloud-azure/templates/NOTES.txt diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-azure/templates/configmap.yaml index 8a6c488ead..8a6c488ead 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-azure/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-azure/templates/deployment.yaml index 312c46651b..445b0697d5 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-azure/templates/deployment.yaml @@ -64,7 +64,7 @@ spec: subPath: log.yml resources: {{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -83,7 +83,7 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end -}} # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: filebeat-onap volumeMounts: diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml b/kubernetes/multicloud/components/multicloud-azure/templates/service.yaml index f52d8690ea..f52d8690ea 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-azure/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-azure/values.yaml b/kubernetes/multicloud/components/multicloud-azure/values.yaml index 131c8c9d65..0749c0b432 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/values.yaml +++ b/kubernetes/multicloud/components/multicloud-azure/values.yaml @@ -23,7 +23,6 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/multicloud/azure:1.2.4 pullPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-azure/.helmignore b/kubernetes/multicloud/components/multicloud-fcaps/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/multicloud/charts/multicloud-azure/.helmignore +++ b/kubernetes/multicloud/components/multicloud-fcaps/.helmignore diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/Chart.yaml b/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml index a392ba25a4..a392ba25a4 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/Chart.yaml diff --git a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml index 49e532065d..21991b75fe 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019, CMCC Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-fcaps/templates/NOTES.txt index ae62a4f604..ae62a4f604 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/NOTES.txt +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/NOTES.txt diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/configmap.yaml index 5fb6bb69df..5fb6bb69df 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml index 110f9aa84f..99d2314a07 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml @@ -67,7 +67,7 @@ spec: subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -86,7 +86,7 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: filebeat-onap volumeMounts: @@ -97,7 +97,7 @@ spec: name: fcaps-log - mountPath: /usr/share/filebeat/data name: fcaps-data-filebeat - - image: {{ .Values.rabbitmq }} + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: rabbit-mq diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/service.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml index fabe32e0ff..fabe32e0ff 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml index 6182cbe6c1..c66e4e829f 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml @@ -22,7 +22,6 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/multicloud/openstack-fcaps:1.5.5 pullPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml index cbd8da9bec..cbd8da9bec 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml diff --git a/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml index 78faffd976..9071fafece 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml @@ -25,3 +25,6 @@ dependencies: - name: etcd version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json index 27df701b80..2ce2d8564b 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json @@ -45,7 +45,8 @@ "HEAT_VOL", "OTHER", "VF_MODULES_METADATA", - "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT" + "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT", + "HELM" ], "consumerGroup": "multicloud-k8s-group", "environmentName": "AUTO", diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json index d6fa40d471..d6fa40d471 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/k8sconfig.json diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/configmap.yaml index a159b65379..a159b65379 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index a64324a86e..9f50d35784 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: release: {{ include "common.release" . }} spec: containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} command: ["/opt/multicloud/k8splugin/k8plugin"] @@ -72,7 +72,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} name: framework-artifactbroker command: ["/opt/app/distribution/bin/artifact-dist.sh"] args: ["/opt/app/distribution/etc/mounted/config.json"] diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/service.yaml index b2b39db899..b2b39db899 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index f0bfedb43a..5c840ec9a4 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -17,17 +17,14 @@ ################################################################# global: nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: {} + artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 + ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/multicloud/k8s:0.6.0 +image: onap/multicloud/k8s:0.7.0 pullPolicy: Always # flag to enable debugging - application support required @@ -74,6 +71,23 @@ mongo: mountSubPath: multicloud-k8s/mongo/data enabled: true disableNfsProvisioner: true + flavor: &storage_flavor large + resources: &storage_resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} #etcd chart overrides for k8splugin etcd: @@ -83,6 +97,8 @@ etcd: persistence: mountSubPath: multicloud-k8s/etcd/data enabled: true + flavor: *storage_flavor + resources: *storage_resources # No persistence right now as we rely on Mongo to handle that persistence: diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/.helmignore b/kubernetes/multicloud/components/multicloud-pike/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/.helmignore +++ b/kubernetes/multicloud/components/multicloud-pike/.helmignore diff --git a/kubernetes/multicloud/charts/multicloud-pike/Chart.yaml b/kubernetes/multicloud/components/multicloud-pike/Chart.yaml index e86273c90b..e86273c90b 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/Chart.yaml diff --git a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml index 8e40564093..43e681e615 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2018 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt index 7adeb620b5..7adeb620b5 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt +++ b/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml index df5f76a478..df5f76a478 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml index 76f3e8cbdc..b48e8dc431 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml @@ -40,6 +40,8 @@ spec: spec: containers: - env: + - name: MSB_PROTO + value: {{ .Values.config.msbprotocol }} - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT @@ -54,6 +56,8 @@ spec: value: "{{ .Values.config.aai.username }}" - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" + - name: SSL_ENABLED + value: "{{ .Values.config.ssl_enabled }}" name: {{ include "common.name" . }} volumeMounts: - mountPath: /var/log/onap @@ -63,7 +67,7 @@ spec: subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -82,7 +86,7 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: filebeat-onap volumeMounts: diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml index 503fae375a..503fae375a 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml index ec79a1a847..3fc572631a 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml @@ -22,7 +22,6 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/multicloud/openstack-pike:1.5.5 pullPolicy: Always @@ -31,8 +30,10 @@ istioSidecar: true # application configuration config: + ssl_enabled: false + msbprotocol: https msbgateway: msb-iag - msbPort: 80 + msbPort: 443 aai: port: 8443 schemaVersion: v13 diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml index 0f5533dbb5..0f5533dbb5 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml index 52116145b4..52116145b4 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml index 3dd1acb5b0..3dd1acb5b0 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml index 2dafcc381e..2dafcc381e 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml index d81d638731..ca56b670cd 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: spec: containers: - name: {{ include "common.name" . }}-configmap-reload - image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --volume-dir=/etc/config @@ -51,7 +51,7 @@ spec: readOnly: true - name: {{ include "common.name" . }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --config.file=/etc/config/alertmanager.yml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml index aa1485da57..aa1485da57 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml index 918d002cdb..918d002cdb 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml index da5156a93a..da5156a93a 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml index ccd70b30cf..ccd70b30cf 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml index 1456eff4e7..1456eff4e7 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini index 9dc0f09cd9..9dc0f09cd9 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml index ab570896db..ab570896db 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml index 7fc8ac8c1e..2dea842733 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: {{- if .Values.dashboards }} initContainers: - name: {{ include "common.name" . }}-download-dashboards - image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh", "/etc/grafana/download_dashboards.sh"] volumeMounts: @@ -54,7 +54,7 @@ spec: containers: - name: {{ include "common.name" . }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ toYaml .Values.resources | indent 10 }} diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml index 0c7ea4b560..0c7ea4b560 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml index 68ab6c487f..68ab6c487f 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml index 775af0afa7..775af0afa7 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/values.yaml index 43f4e93a6f..43f4e93a6f 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/charts/prometheus-grafana/values.yaml diff --git a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml b/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml index 0355b48ab5..0355b48ab5 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml +++ b/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml index c41c3ef0d6..471c9094aa 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,4 +25,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml index cb76bace9c..3a5c8edb5f 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml @@ -14,8 +14,6 @@ # limitations under the License. */}} -{{- if .Values.global.prometheus.enabled -}} - apiVersion: apps/v1 kind: Deployment metadata: @@ -39,7 +37,7 @@ spec: name: {{ include "common.name" . }} spec: initContainers: - - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + - image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-chown-init command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"] @@ -48,7 +46,7 @@ spec: mountPath: {{ .Values.persistence.containerMountPath }} containers: - name: {{ include "common.name" . }}-configmap-reload - image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --volume-dir=/etc/config @@ -59,7 +57,7 @@ spec: readOnly: true - name: {{ include "common.name" . }}-server - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} args: - --config.file=/etc/config/prometheus.yml @@ -121,5 +119,3 @@ spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Always - -{{- end -}} diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml index 9bd51de78c..1b67193e7a 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml @@ -14,7 +14,6 @@ # limitations under the License. */}} -{{- if .Values.global.prometheus.enabled -}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} {{- if eq "True" (include "common.needPV" .) -}} kind: PersistentVolume @@ -39,4 +38,3 @@ spec: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} {{- end -}} {{- end -}} -{{- end -}} diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml index e9775d842d..77cc681743 100644 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pvc.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange +# Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml index 90e21b7354..b8dbb687fb 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml @@ -14,8 +14,6 @@ # limitations under the License. */}} -{{- if .Values.global.prometheus.enabled -}} - apiVersion: v1 kind: Service metadata: @@ -41,6 +39,4 @@ spec: protocol: TCP selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - -{{- end -}}
\ No newline at end of file + release: {{ include "common.release" . }}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml index 5065392214..fa949c0c75 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml @@ -17,12 +17,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest alertmanager: enabled: false grafana: diff --git a/kubernetes/multicloud/charts/multicloud-pike/.helmignore b/kubernetes/multicloud/components/multicloud-starlingx/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/.helmignore +++ b/kubernetes/multicloud/components/multicloud-starlingx/.helmignore diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/Chart.yaml b/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml index 1305d419bb..1fba2ae385 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP multicloud OpenStack Starlingx Plugin name: multicloud-starlingx -version: 3.0.0 +version: 6.0.0 diff --git a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json index da0727c3a7..da0727c3a7 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml index 9112e352e4..e4d3d54b38 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt index 746215b541..746215b541 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/NOTES.txt +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml index e271a4f233..e271a4f233 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml new file mode 100644 index 0000000000..5413327d0b --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml @@ -0,0 +1,130 @@ +{{/* +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + annotations: + sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + spec: + containers: + - env: + - name: MSB_PROTO + value: {{ .Values.config.msbprotocol }} + - name: MSB_ADDR + value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" + - name: MSB_PORT + value: "{{ .Values.config.msbPort }}" + - name: AAI_ADDR + value: aai.{{ include "common.namespace" . }} + - name: AAI_PORT + value: "{{ .Values.config.aai.port }}" + - name: AAI_SCHEMA_VERSION + value: "{{ .Values.config.aai.schemaVersion }}" + - name: AAI_USERNAME + value: "{{ .Values.config.aai.username }}" + - name: AAI_PASSWORD + value: "{{ .Values.config.aai.password }}" + - name: SSL_ENABLED + value: "{{ .Values.config.ssl_enabled }}" + name: {{ include "common.name" . }} + volumeMounts: + - mountPath: /var/log/onap + name: starlingx-log + - mountPath: /opt/starlingx/starlingx/pub/config/log.yml + name: starlingx-logconfig + subPath: log.yml + - mountPath: /opt/artifacts/ + name: artifact-data + resources: {{ include "common.resources" . | nindent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + httpGet: + path: /api/multicloud-starlingx/v0/swagger.json + port: {{ .Values.service.internalPort }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end }} + # side car containers + - image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: filebeat-onap + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + - mountPath: /var/log/onap + name: starlingx-log + - mountPath: /usr/share/filebeat/data + name: starlingx-data-filebeat + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} + name: framework-artifactbroker + command: ["/opt/app/distribution/bin/artifact-dist.sh"] + args: ["/opt/app/distribution/etc/mounted/config.json"] + ports: + - containerPort: 9014 + protocol: TCP + volumeMounts: + - mountPath: /opt/app/distribution/etc/mounted/config.json + name: starlingx-logconfig + subPath: config.json + - mountPath: /data + name: artifact-data + + volumes: + - name: starlingx-log + emptyDir: {} + - name: starlingx-data-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: multicloud-filebeat-configmap + - name: starlingx-logconfig + configMap: + name: {{ include "common.fullname" . }}-log-configmap + - name: artifact-data + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/service.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml index cf67f106ee..cf67f106ee 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index cb065d6f20..cde6f67cc5 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,6 +17,7 @@ ################################################################# global: nodePortPrefixExt: 304 + artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 ################################################################# # Application configuration defaults. diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/.helmignore b/kubernetes/multicloud/components/multicloud-vio/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/.helmignore +++ b/kubernetes/multicloud/components/multicloud-vio/.helmignore diff --git a/kubernetes/multicloud/charts/multicloud-vio/Chart.yaml b/kubernetes/multicloud/components/multicloud-vio/Chart.yaml index 4bb6ba05d5..4bb6ba05d5 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/Chart.yaml diff --git a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-vio/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml index 750b8c4140..137a6908f3 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt index befedf4578..befedf4578 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/templates/NOTES.txt +++ b/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml index ed43b24c76..ed43b24c76 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml index 5cab1ad205..520f86a7d1 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml @@ -64,7 +64,7 @@ spec: subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -83,7 +83,7 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end -}} # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: filebeat-onap volumeMounts: diff --git a/kubernetes/multicloud/charts/multicloud-vio/templates/service.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml index 4a926df420..4a926df420 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml index c4618fa9c5..1a5af2ca48 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/values.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/values.yaml @@ -23,7 +23,6 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/multicloud/vio:1.4.1 pullPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-vio/.helmignore b/kubernetes/multicloud/components/multicloud-windriver/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/multicloud/charts/multicloud-vio/.helmignore +++ b/kubernetes/multicloud/components/multicloud-windriver/.helmignore diff --git a/kubernetes/multicloud/charts/multicloud-windriver/Chart.yaml b/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml index eadb375669..eadb375669 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml diff --git a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml new file mode 100644 index 0000000000..bdc19209e7 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json index 655076a901..655076a901 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml index 7e1735df08..79ff56adaa 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt new file mode 100644 index 0000000000..6c1e709b92 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt @@ -0,0 +1 @@ +resources: {{ include "common.resources" . | indent 12 | trim}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt index befedf4578..befedf4578 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/NOTES.txt +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml index ed43b24c76..ed43b24c76 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/configmap.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml new file mode 100644 index 0000000000..2ed0b13249 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml @@ -0,0 +1,144 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + annotations: + sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + spec: + initContainers: + - command: ["sh", "-c", "chown -R 100:101 /data"] + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-init + volumeMounts: + - mountPath: /data + name: artifact-data + containers: + - env: + - name: MSB_PROTO + value: {{ .Values.config.msbprotocol }} + - name: MSB_ADDR + value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" + - name: MSB_PORT + value: "{{ .Values.config.msbPort }}" + - name: AAI_ADDR + value: aai.{{ include "common.namespace" . }} + - name: AAI_PORT + value: "{{ .Values.config.aai.port }}" + - name: AAI_SCHEMA_VERSION + value: "{{ .Values.config.aai.schemaVersion }}" + - name: AAI_USERNAME + value: "{{ .Values.config.aai.username }}" + - name: AAI_PASSWORD + value: "{{ .Values.config.aai.password }}" + - name: SSL_ENABLED + value: "{{ .Values.config.ssl_enabled }}" + name: {{ include "common.name" . }} + volumeMounts: + - mountPath: /var/log/onap + name: windriver-log + - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml + name: windriver-logconfig + subPath: log.yml + - mountPath: /opt/artifacts/ + name: artifact-data + resources: {{ include "common.resources" . | nindent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + httpGet: + path: /api/multicloud-titaniumcloud/v1/swagger.json + port: {{ .Values.service.internalPort }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end }} + # side car containers + - image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: filebeat-onap + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + - mountPath: /var/log/onap + name: windriver-log + - mountPath: /usr/share/filebeat/data + name: windriver-data-filebeat + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} + name: framework-artifactbroker + command: ["/opt/app/distribution/bin/artifact-dist.sh"] + args: ["/opt/app/distribution/etc/mounted/config.json"] + ports: + - containerPort: 9014 + protocol: TCP + volumeMounts: + - mountPath: /opt/app/distribution/etc/mounted/config.json + name: windriver-logconfig + subPath: config.json + - mountPath: /data + name: artifact-data + + volumes: + - name: windriver-log + emptyDir: {} + - name: windriver-data-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: multicloud-filebeat-configmap + - name: windriver-logconfig + configMap: + name: {{ include "common.fullname" . }}-log-configmap + - name: artifact-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml index f798053f71..f798053f71 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/pv.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml index 3c4d646638..3c4d646638 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/pvc.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/service.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml index 5a555b3222..5a555b3222 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index 8ab4d56010..e25a96ba05 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,14 +18,13 @@ ################################################################# global: nodePortPrefix: 302 - ubuntuInitRepository: oomk8s - ubuntuInitImage: ubuntu-init:1.0.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 + persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/multicloud/openstack-windriver:1.5.5 pullPolicy: Always diff --git a/kubernetes/multicloud/requirements.yaml b/kubernetes/multicloud/requirements.yaml index caff1e5dc4..a37b9f7a83 100644 --- a/kubernetes/multicloud/requirements.yaml +++ b/kubernetes/multicloud/requirements.yaml @@ -17,3 +17,38 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: multicloud-azure + version: ~6.x-0 + repository: 'file://components/multicloud-azure' + condition: multicloud-azure.enabled + - name: multicloud-fcaps + version: ~6.x-0 + repository: 'file://components/multicloud-fcaps' + condition: multicloud-fcaps.enabled + - name: multicloud-k8s + version: ~6.x-0 + repository: 'file://components/multicloud-k8s' + condition: multicloud-k8s.enabled + - name: multicloud-pike + version: ~6.x-0 + repository: 'file://components/multicloud-pike' + condition: multicloud-pike.enabled + - name: multicloud-prometheus + version: ~6.x-0 + repository: 'file://components/multicloud-prometheus' + condition: multicloud-prometheus.enabled + - name: multicloud-starlingx + version: ~6.x-0 + repository: 'file://components/multicloud-starlingx' + condition: multicloud-starlingx.enabled + - name: multicloud-vio + version: ~6.x-0 + repository: 'file://components/multicloud-vio' + condition: multicloud-vio.enabled + - name: multicloud-windriver + version: ~6.x-0 + repository: 'file://components/multicloud-windriver' + condition: multicloud-windriver.enabled diff --git a/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml b/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml index aa82aa71b9..3fa70aae56 100644 --- a/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/multicloud/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log diff --git a/kubernetes/multicloud/resources/config/log/framework/log.yml b/kubernetes/multicloud/resources/config/log/framework/log.yml index 6c89ff3272..023ff81d50 100644 --- a/kubernetes/multicloud/resources/config/log/framework/log.yml +++ b/kubernetes/multicloud/resources/config/log/framework/log.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} version: 1 disable_existing_loggers: False diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml index 8cae0b66cd..a5b8297e2f 100644 --- a/kubernetes/multicloud/templates/deployment.yaml +++ b/kubernetes/multicloud/templates/deployment.yaml @@ -59,7 +59,7 @@ spec: value: "{{ .Values.config.ssl_enabled }}" resources: {{ include "common.resources" . | indent 12 }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} volumeMounts: @@ -89,7 +89,7 @@ spec: {{ end -}} # side car containers - - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + - image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: filebeat-onap volumeMounts: diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index d075291db2..12d5d6a046 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,9 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - artifactImage: onap/multicloud/framework-artifactbroker:1.5.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 prometheus: enabled: false persistence: {} @@ -29,13 +27,29 @@ global: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/multicloud/framework:1.5.1 +image: onap/multicloud/framework:1.6.0 pullPolicy: Always #Istio sidecar injection policy istioSidecar: true +multicloud-azure: + enabled: true +multicloud-fcaps: + enabled: true +multicloud-k8s: + enabled: true +multicloud-pike: + enabled: true +multicloud-prometheus: + enabled: false +multicloud-starlingx: + enabled: true +multicloud-vio: + enabled: true +multicloud-windriver: + enabled: true + # application configuration config: ssl_enabled: true diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index 7ce343627a..f76d598417 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -34,3 +34,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: not global.mariadbGalera.localCluster + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 22dd4a1ded..4be444ad1b 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -1,5 +1,7 @@ +{{/* # Copyright © 2018 Orange # Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,8 +14,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +27,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -37,7 +43,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -45,7 +51,7 @@ spec: # so K8s doesn't restart unresponsive container {{- if .Values.global.aafEnabled }} command: - - bash + - sh args: - -c - | @@ -94,6 +100,10 @@ spec: value: {{ .Values.config.openStackVNFTenantId | quote }} - name: ONAP_CLOUDOWNER value: {{ .Values.config.cloudOwner }} + - name: ONAP_K8SCLOUDREGIONID + value: {{ .Values.config.k8sCloudRegionId }} + - name: ONAP_K8SCLOUDOWNER + value: {{ .Values.config.k8sCloudOwner }} - name: NBI_URL value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4" - name: SDC_HOST @@ -136,31 +146,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - # side car containers - # - name: filebeat-onap - # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - # volumeMounts: - # - mountPath: /usr/share/filebeat/filebeat.yml - # name: filebeat-conf - # subPath: filebeat.yml - # - mountPath: /home/esr/works/logs - # name: esr-server-logs - # - mountPath: /usr/share/filebeat/data - # name: esr-server-filebeat volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - # - name: filebeat-conf - # configMap: - # name: {{ include "common.fullname" . }}-esr-filebeat - # - name: esr-server-logs - # emptyDir: {} - # - name: esr-server-filebeat - # emptyDir: {} - # - name: esrserver-log - # configMap: - # name: {{ include "common.fullname" . }}-esr-esrserver-log imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml index 0cd8cfbd36..06e66ebbf1 100644 --- a/kubernetes/nbi/templates/ingress.yaml +++ b/kubernetes/nbi/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/nbi/templates/secret.yaml b/kubernetes/nbi/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/nbi/templates/secret.yaml +++ b/kubernetes/nbi/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/nbi/templates/service.yaml b/kubernetes/nbi/templates/service.yaml index ccc1a13e71..4d5359ce0e 100644 --- a/kubernetes/nbi/templates/service.yaml +++ b/kubernetes/nbi/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 3828e25190..61d7680824 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -18,10 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 mariadbGalera: &mariadbGalera #This flag allows SO to instantiate its own mariadb-galera cluster localCluster: false @@ -29,8 +25,6 @@ global: internalPort: 3306 nameOverride: mariadb-galera aafEnabled: true - busyBoxImage: busybox:1.30 - busyBoxRepository: docker.io ################################################################# # AAF part @@ -72,7 +66,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:7.0.0 +image: onap/externalapi/nbi:7.0.2 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== @@ -84,6 +78,8 @@ config: logstashServiceName: log-ls logstashPort: 5044 cloudOwner: CloudOwner + k8sCloudRegionId: k8sregionfour + k8sCloudOwner: k8scloudowner4 ecompInstanceId: OOM openStackRegion: RegionOne openStackVNFTenantId: 31047205ce114b60833b23e400d6a535 diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 9385adea9a..51f1743773 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -96,10 +98,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: nbi.enabled - - name: pnda - version: ~6.x-0 - repository: '@local' - condition: pnda.enabled - name: policy version: ~6.x-0 repository: '@local' @@ -116,6 +114,9 @@ dependencies: version: ~6.x-0 repository: '@local' condition: oof.enabled + - name: repository-wrapper + version: ~6.x-0 + repository: '@local' - name: robot version: ~6.x-0 repository: '@local' @@ -152,3 +153,15 @@ dependencies: version: ~6.x-0 repository: '@local' condition: modeling.enabled + - name: platform + version: ~6.x-0 + repository: '@local' + condition: platform.enabled + - name: a1policymanagement + version: ~6.x-0 + repository: '@local' + condition: a1policymanagement.enabled + - name: cert-wrapper + version: ~6.x-0 + repository: '@local' + condition: cert-wrapper.enabled diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index fa8619ed93..dd22d8fc75 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -31,8 +31,9 @@ global: # any other repository that hosts images for ONAP components. #repository: nexus3.onap.org:10001 - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s + # readiness check + readinessImage: onap/oom/readiness:3.0.1 + # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml index 3062e4e3fa..4a910987a9 100644 --- a/kubernetes/onap/resources/environments/public-cloud.yaml +++ b/kubernetes/onap/resources/environments/public-cloud.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -146,9 +147,6 @@ sdnc: sdnc-ansible-server: readiness: initialDelaySeconds: 120 - sdnc-portal: - readiness: - initialDelaySeconds: 120 ueb-listener: liveness: initialDelaySeconds: 60 @@ -177,3 +175,10 @@ mariadb-galera: readiness: initialDelaySeconds: 120 +a1policymanagement: + liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + readiness: + initialDelaySeconds: 60 + periodSeconds: 10 diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml index 2788e244e2..61b1838b83 100644 --- a/kubernetes/onap/resources/overrides/environment.yaml +++ b/kubernetes/onap/resources/overrides/environment.yaml @@ -92,6 +92,11 @@ clamp: initialDelaySeconds: 60 readiness: initialDelaySeconds: 60 + clamp-mariadb: + liveness: + initialDelaySeconds: 30 + readiness: + initialDelaySeconds: 30 dcaegen2: dcae-cloudify-manager: liveness: @@ -213,9 +218,6 @@ sdnc: sdnc-ansible-server: readiness: initialDelaySeconds: 120 - sdnc-portal: - readiness: - initialDelaySeconds: 120 ueb-listener: liveness: initialDelaySeconds: 60 diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 5b59c65db7..be052996b7 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -34,8 +34,9 @@ global: user: docker password: docker - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s + # readiness check + readinessImage: onap/oom/readiness:3.0.1 + # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co @@ -95,8 +96,6 @@ contrib: enabled: false dcaegen2: enabled: false -pnda: - enabled: false dmaap: enabled: true esr: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 86f898d18c..1d0663ea65 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -79,3 +81,7 @@ vnfsdk: enabled: true modeling: enabled: true +platform: + enabled: true +a1policymanagement: + enabled: true
\ No newline at end of file diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml index da00f61e2f..9914e1496e 100644 --- a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml +++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml @@ -1,4 +1,5 @@ # Copyright © 2020 Nordix Foundation +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,7 +35,7 @@ ################################################################# global: cmpv2Enabled: true - aaf: + platform: certServiceClient: envVariables: # Certificate related diff --git a/kubernetes/onap/templates/clusterrolebinding.yaml b/kubernetes/onap/templates/clusterrolebinding.yaml index 2367143b11..d8584db65a 100644 --- a/kubernetes/onap/templates/clusterrolebinding.yaml +++ b/kubernetes/onap/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "common.namespace" . }}-binding diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index b96385cf07..3c8b1e9d90 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,35 +40,73 @@ global: addTestingComponents: &testing false # ONAP Repository - # Uncomment the following to enable the use of a single docker - # repository but ONLY if your repository mirrors all ONAP - # docker images. This includes all images from dockerhub and - # any other repository that hosts images for ONAP components. - #repository: nexus3.onap.org:10001 + # Four different repositories are used + # You can change individually these repositories to ones that will serve the + # right images. If credentials are needed for one of them, see below. + repository: nexus3.onap.org:10001 + dockerHubRepository: &dockerHubRepository docker.io + elasticRepository: &elasticRepository docker.elastic.co + googleK8sRepository: k8s.gcr.io + + + #/!\ DEPRECATED /!\ + # Legacy repositories which will be removed at the end of migration. + # Please don't use + loggingRepository: *elasticRepository + busyboxRepository: *dockerHubRepository + + # Default credentials + # they're optional. If the target repository doesn't need them, comment them repositoryCred: user: docker password: docker - dockerHubRepository: docker.io - - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s - readinessImage: readiness-check:2.2.2 + # If you want / need authentication on the repositories, please set + # Don't set them if the target repo is the same than others + # so id you've set repository to value `my.private.repo` and same for + # dockerHubRepository, you'll have to configure only repository (exclusive) OR + # dockerHubCred. + # dockerHubCred: + # user: myuser + # password: mypassord + # elasticCred: + # user: myuser + # password: mypassord + # googleK8sCred: + # user: myuser + # password: mypassord + + + # common global images + # Busybox for simple shell manipulation + busyboxImage: busybox:1.32 # curl image curlImage: curlimages/curl:7.69.1 - # logging agent - temporary repo until images migrated to nexus3 - loggingRepository: docker.elastic.co + # env substitution image + envsubstImage: dibi/envsubst:1 + + # generate htpasswd files image + # there's only latest image for htpasswd + htpasswdImage: xmartlabs/htpasswd:latest + + # kubenretes client image + kubectlImage: bitnami/kubectl:1.19 + + # logging agent + loggingImage: beats/filebeat:5.5.0 - # dockerHub main repository - dockerHubRepository: docker.io + # mariadb client image + mariadbImage: mariadb:10.1.48 - # busybox repo and image - busyboxRepository: docker.io - busyboxImage: busybox:1.30 + # nginx server image + nginxImage: bitnami/nginx:1.18-debian-10 - # kubeclt image - kubectlImage: "bitnami/kubectl:1.15" + # postgreSQL client and server image + postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1 + + # readiness check image + readinessImage: onap/oom/readiness:3.0.1 # image pull policy pullPolicy: Always @@ -90,12 +130,23 @@ global: # flag to enable debugging - application support required debugEnabled: false + # default password complexity + # available options: phrase, name, pin, basic, short, medium, long, maximum security + # More datails: https://masterpassword.app/masterpassword-algorithm.pdf + passwordStrength: long + + # configuration to set log level to all components (the one that are using + # "common.log.level" to set this) + # can be overrided per components by setting logConfiguration.logLevelOverride + # to the desired value + # logLevel: DEBUG + #Global ingress configuration ingress: enabled: false virtualhost: - enabled: true - baseurl: "simpledemo.onap.org" + enabled: true + baseurl: "simpledemo.onap.org" # Global Service Mesh configuration # POC Mode, don't use it in production @@ -111,12 +162,12 @@ global: # Enabling CMPv2 cmpv2Enabled: true - aaf: + platform: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 secret: - name: aaf-cert-service-client-tls-secret - mountPath: /etc/onap/aaf/certservice/certs/ + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -126,13 +177,19 @@ global: cmpv2Country: "US" # Client configuration related caName: "RA" - requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" - keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" keystorePassword: "secret" - truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" + # Indicates offline deployment build + # Set to true if you are rendering helm charts for offline deployment + # Otherwise keep it disabled + offlineDeploymentBuild: false + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. @@ -144,13 +201,12 @@ global: # default centralizedLoggingEnabled: ¢ralizedLogging false - -# Example of specific for the components where you want to disable TLS only for -# it: -# if set this element will force or not tls even if global.serviceMesh.tls and -# global.tlsEnabled is set otherwise. -# robot: -# tlsOverride: false + # Example of specific for the components where you want to disable TLS only for + # it: + # if set this element will force or not tls even if global.serviceMesh.tls and + # global.tlsEnabled is set otherwise. + # robot: + # tlsOverride: false # Global storage configuration # Set to "-" for default, or with the name of the storage class @@ -215,8 +271,6 @@ dcaegen2: enabled: false dcaemod: enabled: false -pnda: - enabled: false dmaap: enabled: false esr: @@ -283,6 +337,12 @@ so: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + # in order to enable static password for so-monitoring uncomment: + # so-monitoring: + # server: + # monitoring: + # password: demo123456! + # configure embedded mariadb mariadb: config: @@ -297,3 +357,12 @@ vnfsdk: enabled: false modeling: enabled: false +platform: + enabled: false +a1policymanagement: + enabled: false + +cert-wrapper: + enabled: true +repository-wrapper: + enabled: true diff --git a/kubernetes/oof/.helmignore b/kubernetes/oof/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/oof/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index e27258aafc..ad7fad7bbd 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +12,46 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-has: - cd charts && helm dep up oof-has - cd charts && helm dep up oof-cmso +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props deleted file mode 100644 index b56c500ffd..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props +++ /dev/null @@ -1,22 +0,0 @@ - # ------------------------------------------------------------------------- - # Copyright (c) 2019 AT&T Intellectual Property - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # ------------------------------------------------------------------------- - # - -aaf_id=oof@oof.onap.org -aaf_password=demo123456! -cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile -cadi_truststore=/share/etc/certs//truststoreONAPall.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks Binary files differdeleted file mode 100644 index f1e01085f9..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks +++ /dev/null diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile deleted file mode 100644 index 78a6afba63..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR -BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29 -I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1 -6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs -x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm -cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc -bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h -5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO -O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK -0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM -poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN -7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At --j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop -FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI -c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB -TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT -mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL -atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f -9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL -DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA -FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi -zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT -LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d -9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH -OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4 -8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V -Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props deleted file mode 100644 index 7e154c4665..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props +++ /dev/null @@ -1,20 +0,0 @@ - # ------------------------------------------------------------------------- - # Copyright (c) 2019 AT&T Intellectual Property - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # ------------------------------------------------------------------------- - # - -cadi_latitude=0.00 -cadi_longitude=0.00 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props deleted file mode 100644 index c96e7f7b04..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props +++ /dev/null @@ -1,26 +0,0 @@ - # ------------------------------------------------------------------------- - # Copyright (c) 2019 AT&T Intellectual Property - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # ------------------------------------------------------------------------- - # - -aaf_id=oof@oof.onap.org -aaf_locate_url=https://aaf-locate:8095 -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_etc_dir=/share/etc/certs/ -cadi_latitude=0.00 -cadi_longitude=0.00 -cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props -cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks Binary files differdeleted file mode 100644 index ff844b109d..0000000000 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks +++ /dev/null diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml deleted file mode 100644 index b1c3561538..0000000000 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: cmso-db-root-password - name: '{{ include "common.release" . }}-cmso-db-root-password' - type: password - password: '' - policy: generate - - uid: cmso-db-secret - name: '{{ include "common.release" . }}-cmso-db-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - passwordPolicy: generate - -mariadb-galera: - replicaCount: 1 - nameOverride: cmso-db - service: - type: ClusterIP - name: oof-cmso-dbhost - portName: cmso-dbhost - nfsprovisionerPrefix: cmso - sdnctlPrefix: cmso - persistence: - mountSubPath: cmso/data - enabled: true - disableNfsProvisioner: true - config: - mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - mysqlDatabase: cmso - externalConfig: | - [mysqld] - lower_case_table_names = 1 - -global: - commonConfigPrefix: "oof-cmso" - truststoreFile: "truststoreONAPall.jks" - keystoreFile: "org.onap.oof.jks" - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - keystorePassword: OA7*y0PEGTma?$be2z#0$:L] - truststorePassword: - authentication: aaf-auth - busyBoxImage: busybox:1.30 - busyBoxRepository: docker.io - -flavor: small - -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - db: - # userCredentialsExternalsecret: some secret - userName: cmso-admin - # userPassword: password - -oof-cmso-service: - config: - db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - host: oof-cmso-dbhost - container: cmso-db - mysqlDatabase: cmso - -oof-cmso-optimizer: - config: - db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - host: oof-cmso-dbhost - container: cmso-db - mysqlDatabase: optimizer diff --git a/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/oof/charts/oof-has/resources/config/AAF_RootCA.cer +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt deleted file mode 100644 index 68f474b44f..0000000000 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt +++ /dev/null @@ -1,89 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow -XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 -REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR -UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ -IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB -HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ -LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH -hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib -AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB -Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze -81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw -ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv -bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw -Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv -b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw -aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v -cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt -cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU -FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 -/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My -7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X -koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L -mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 -GsHFjQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- - - diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key deleted file mode 100644 index a83edd1f86..0000000000 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ -ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ -CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 -MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK -GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH -KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g -uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q -MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V -SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 -XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY -Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 -0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe -FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 -XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd -8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD -Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx -Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF -nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh -iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 -ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h -MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ -2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w -9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY -vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY -ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC -h+G1ZXD4PyjI6KWhRC3JuA== ------END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile new file mode 100755 index 0000000000..d62cb0b700 --- /dev/null +++ b/kubernetes/oof/components/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/components/oof-cmso/.helmignore b/kubernetes/oof/components/oof-cmso/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/oof/charts/oof-cmso/Chart.yaml b/kubernetes/oof/components/oof-cmso/Chart.yaml index a21ed25927..a21ed25927 100644 --- a/kubernetes/oof/charts/oof-cmso/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile new file mode 100644 index 0000000000..33d61041cd --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile new file mode 100755 index 0000000000..36ea7b6c2b --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/Chart.yaml index 7b55f08569..7b55f08569 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml new file mode 100644 index 0000000000..2b3543a04f --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/cadi.properties index 871341d1fa..d7387dd1e1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/cadi.properties @@ -1,21 +1,23 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START============================================== # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- +*/}} cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/liquibase.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/liquibase.properties index 32d77bb663..46855120cd 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/liquibase.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/liquibase.properties @@ -1,3 +1,4 @@ +{{/* ### # Copyright (c) 2019 AT&T Intellectual Property. # Modifications Copyright (c) 2018 IBM. @@ -28,6 +29,7 @@ # See the License for the specific language governing permissions and # limitations under the License. ### +*/}} spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true spring.datasource.driver-class-name=org.mariadb.jdbc.Driver spring.datasource.username=${DB_USERNAME} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties index 32636f4b2e..4bf8f74666 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties @@ -1,3 +1,4 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START============================================== # Copyright (c) 2019 AT&T Intellectual Property. @@ -16,6 +17,7 @@ # ============LICENSE_END================================================= # #------------------------------------------------------------------------------- +*/}} spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA} spring.datasource.driver-class-name=org.mariadb.jdbc.Driver spring.datasource.username=${DB_USERNAME} @@ -59,5 +61,5 @@ aaf.enabled=true aaf.namespace=org.onap.oof cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props -aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/configmap.yaml index e4d0a5c256..69614344fc 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml index 67808472b6..c1d2602713 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -23,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -32,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.db.container }} @@ -42,18 +48,32 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: db-init - image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -61,20 +81,21 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -82,21 +103,26 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -114,6 +140,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -135,6 +162,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/service.yaml index d0b586acf7..e8db9f7b2e 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index f3f176fded..0c7eb8d6a7 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,20 +18,18 @@ ################################################################# global: # global defaults nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 -image: onap/optf-cmso-optimizer:2.2.0 +image: onap/optf-cmso-optimizer:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.2.0 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false @@ -40,11 +39,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -89,11 +83,10 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret -# user: cmso-admin -# password: pass + user: cmso-admin + password: pass # userCredentialsExternalSecret: some-secret # host: host # container: container diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/Chart.yaml index 09150985db..09150985db 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml new file mode 100644 index 0000000000..6a956790c7 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cadi.properties index 871341d1fa..d7387dd1e1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cadi.properties @@ -1,21 +1,23 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START============================================== # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- +*/}} cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties index 68b36886e0..6525a4ee9c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties @@ -108,5 +108,5 @@ aaf.enabled=true aaf.namespace=org.onap.oof cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/liquibase.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/liquibase.properties index 66dad37bd8..fb61e08fff 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/liquibase.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/liquibase.properties @@ -1,3 +1,4 @@ +{{/* ### # Copyright  2017-2018 AT&T Intellectual Property. # Modifications Copyright  2018 IBM. @@ -28,6 +29,7 @@ # See the License for the specific language governing permissions and # limitations under the License. ### +*/}} spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true spring.datasource.driver-class-name=org.mariadb.jdbc.Driver spring.datasource.username=${DB_USERNAME} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/optimizer.properties index 1e4a8417c4..141b164e99 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/optimizer.properties @@ -1,3 +1,4 @@ +{{/* #------------------------------------------------------------------------------- # Copyright (c) 2017-2018 AT&T Intellectual Property. # Modifications Copyright ? 2018 IBM. @@ -28,7 +29,8 @@ # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +*/}} cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule -cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file +cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/ticketmgt.properties index bdf483d289..124df5712b 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/ticketmgt.properties @@ -1,3 +1,4 @@ +{{/* #------------------------------------------------------------------------------- # Copyright 2017-2018 AT&T Intellectual Property. # Modifications Copyright 2018 IBM. @@ -28,6 +29,7 @@ # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +*/}} tm.vnfs.per.ticket=1 tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/configmap.yaml index e4d0a5c256..69614344fc 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml index ca45d7ee12..27d52a24ba 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright (c) 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -23,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -32,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.db.container }} @@ -42,18 +48,32 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: db-init - image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -61,21 +81,22 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: # side car containers - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml @@ -88,7 +109,7 @@ spec: resources: {{ include "common.resources" . }} - name: mso-simulator - image: "{{ include "common.repository" . }}/{{ .Values.robotimage }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.robotimage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -98,7 +119,7 @@ spec: resources: {{ include "common.resources" . }} - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -112,15 +133,20 @@ spec: - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -138,6 +164,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -159,6 +186,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/service.yaml index d0b586acf7..e8db9f7b2e 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index 90a74bd3ed..9973f85cff 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018-2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,21 +18,18 @@ ################################################################# global: # global defaults nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 -image: onap/optf-cmso-service:2.2.0 -robotimage: onap/optf-cmso-robot:2.2.0 +image: onap/optf-cmso-service:2.3.0 +robotimage: onap/optf-cmso-robot:2.3.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.2.0 + image: onap/optf-cmso-dbinit:2.3.0 # flag to enable debugging - application support required debugEnabled: false @@ -40,11 +38,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -89,11 +82,10 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret -# user: cmso-admin -# password: pass + user: cmso-admin + password: pass # userCredentialsExternalSecret: some-secret # host: host # container: container diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/Chart.yaml index 030b3f63d0..030b3f63d0 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml new file mode 100644 index 0000000000..6a956790c7 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/cadi.properties index 871341d1fa..d7387dd1e1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/cadi.properties @@ -1,21 +1,23 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START============================================== # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- +*/}} cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/ticketmgt.properties index e8fb5b6b4f..6480537988 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/resources/config/ticketmgt.properties @@ -1,38 +1,40 @@ +{{/* #------------------------------------------------------------------------------- # Copyright 2017-2019 AT&T Intellectual Property. # Modifications Copyright 2018 IBM. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# +# +# # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the ??License?); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at -# +# # https://creativecommons.org/licenses/by/4.0/ -# +# # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +*/}} cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties aaf.enabled=true -aaf.namespace=org.onap.oof
\ No newline at end of file +aaf.namespace=org.onap.oof diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/configmap.yaml index e4d0a5c256..69614344fc 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/deployment.yaml index 0b0b7e0890..9f9484ff94 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -23,6 +25,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -33,26 +38,32 @@ spec: initContainers: - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: proprietary-auth + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -70,6 +81,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -91,6 +103,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/service.yaml index d0b586acf7..e8db9f7b2e 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index 846245a42c..3720c7d44b 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -17,15 +17,13 @@ ################################################################# global: # global defaults nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 authentication: proprietary-auth subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 -image: onap/optf-cmso-ticketmgt:2.2.0 +image: onap/optf-cmso-ticketmgt:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/Chart.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/Chart.yaml index 006d6c5a2c..006d6c5a2c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/Chart.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/Chart.yaml diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml new file mode 100644 index 0000000000..6a956790c7 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/cadi.properties index 871341d1fa..d7387dd1e1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/cadi.properties @@ -1,21 +1,23 @@ +{{/* #------------------------------------------------------------------------------- # ============LICENSE_START============================================== # Copyright (c) 2019 AT&T Intellectual Property. # ======================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain a +# not use this file except in compliance with the License. You may obtain a # copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# or implied. See the License for the specific language governing # permissions and limitations under the License. # ============LICENSE_END================================================= -# +# #------------------------------------------------------------------------------- +*/}} cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/logback.xml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/logback.xml index e4386fd249..e4386fd249 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/logback.xml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/logback.xml diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/topology.properties index e8fb5b6b4f..6480537988 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/resources/config/topology.properties @@ -1,38 +1,40 @@ +{{/* #------------------------------------------------------------------------------- # Copyright 2017-2019 AT&T Intellectual Property. # Modifications Copyright 2018 IBM. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# +# +# # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the ??License?); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at -# +# # https://creativecommons.org/licenses/by/4.0/ -# +# # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +*/}} cadi_loglevel=DEBUG -cadi_prop_files=/share/etc/certs/org.onap.oof.props +cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props aaf.user.roles=/share/etc/certs/AAFUserRoles.properties aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties aaf.enabled=true -aaf.namespace=org.onap.oof
\ No newline at end of file +aaf.namespace=org.onap.oof diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/NOTES.txt b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/configmap.yaml index e4d0a5c256..69614344fc 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/deployment.yaml index a23ac430c9..c08d9a3451 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -23,6 +25,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -33,26 +38,32 @@ spec: initContainers: - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] - image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: JAVA_TRUSTSTORE - value: /share/etc/certs/{{ .Values.global.truststoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE - value: /share/etc/certs/{{ .Values.global.keystoreFile }} + value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }} - name: JAVA_TRUSTSTORE_PASSWORD value: {{ .Values.global.truststorePassword }} - - name: SSL_KEYSTORE_PASSWORD - value: {{ .Values.global.keystorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + command: + - /bin/sh + args: + - "-c" + - | + export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass) + ./startService.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -70,6 +81,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs - name: {{ include "common.fullname" . }}-logs @@ -91,6 +103,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/service.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/service.yaml index d0b586acf7..e8db9f7b2e 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/service.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index 775da43928..bdf1606dd4 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -17,15 +17,12 @@ ################################################################# global: # global defaults nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 subChartsOnly: enabled: true # application image -repository: nexus3.onap.org:10001 -image: onap/optf-cmso-topology:2.2.0 +image: onap/optf-cmso-topology:2.3.0 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/requirements.yaml b/kubernetes/oof/components/oof-cmso/requirements.yaml new file mode 100644 index 0000000000..0e79ed0250 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/requirements.yaml @@ -0,0 +1,47 @@ +# Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: mariadb-galera + version: ~6.x-0 + repository: '@local' + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + - name: oof-cmso-optimizer + version: ~6.x-0 + repository: 'file://components/oof-cmso-optimizer' + condition: oof-cmso-optimizer.enabled + - name: oof-cmso-service + version: ~6.x-0 + repository: 'file://components/oof-cmso-service' + condition: oof-cmso-service.enabled + - name: oof-cmso-ticketmgt + version: ~6.x-0 + repository: 'file://components/oof-cmso-ticketmgt' + condition: oof-cmso-ticketmgt.enabled + - name: oof-cmso-topology + version: ~6.x-0 + repository: 'file://components/oof-cmso-topology' + condition: oof-cmso-topology.enabled + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties b/kubernetes/oof/components/oof-cmso/resources/certs/AAFUserRoles.properties index e7fc221a20..e7fc221a20 100644 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties +++ b/kubernetes/oof/components/oof-cmso/resources/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml b/kubernetes/oof/components/oof-cmso/resources/log/filebeat/filebeat.yml index 50586783e9..450b6f427e 100644 --- a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml +++ b/kubernetes/oof/components/oof-cmso/resources/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml b/kubernetes/oof/components/oof-cmso/templates/configmap.yaml index f4a79627f6..03e006e6dc 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-cmso/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/components/oof-cmso/templates/secret.yaml index 3dbdd31b1f..992a471e08 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/components/oof-cmso/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} --- diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml new file mode 100644 index 0000000000..7405c487c4 --- /dev/null +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -0,0 +1,149 @@ +# Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password' + type: password + password: '' + policy: generate + - uid: cmso-service-db-secret + name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.service.userName }}' + password: '{{ .Values.config.db.service.userPassword }}' + passwordPolicy: generate + - uid: cmso-db-secret + name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.optimizer.userName }}' + password: '{{ .Values.config.db.optimizer.userPassword }}' + passwordPolicy: generate + +mariadb-galera: + replicaCount: 1 + nameOverride: &containerName cmso-db + service: + type: ClusterIP + name: &serviceName oof-cmso-dbhost + portName: cmso-dbhost + nfsprovisionerPrefix: cmso + sdnctlPrefix: cmso + persistence: + mountSubPath: cmso/data + enabled: true + disableNfsProvisioner: true + config: + mariadbRootPasswordExternalSecret: *rootPassword + # userCredentialsExternalSecret: *dbCreds + # mysqlDatabase: cmso + externalConfig: | + [mysqld] + lower_case_table_names = 1 + +global: + commonConfigPrefix: "oof-cmso" + truststoreFile: "truststoreONAPall.jks" + keystoreFile: "org.onap.oof.jks" + truststorePassword: + authentication: aaf-auth + +mariadb-init: + mariadbGalera: + containerName: *containerName + serviceName: *serviceName + servicePort: 3306 + userRootSecret: *rootPassword + config: + userCredentialsExternalSecret: *serviceDbCreds + mysqlDatabase: cmso + mysqlAdditionalDatabases: + optimizer: + externalSecret: *optimizerDbCreds + nameOverride: cmso-db-config + +flavor: small + +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + db: + service: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + optimizer: + userName: cmso-optimizer + +#sub-charts configuration +certInitializer: &certInitConfig + fqdn: "oof.onap" + app_ns: "org.osaaf.aaf" + fqi: "oof@oof.onap.org" + fqi_namespace: org.onap.oof + public_fqdn: "oof.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /share/etc/osaaf + aaf_add_config: > + cd {{ .Values.credsPath }}; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1; + find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \; + +oof-cmso-service: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-service-cert-initializer + config: + db: + userCredentialsExternalSecret: *serviceDbCreds + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: cmso + +oof-cmso-optimizer: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-optimizer-cert-initializer + config: + enabled: true + db: + userCredentialsExternalSecret: *optimizerDbCreds + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: optimizer + +oof-cmso-topology: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-topology-cert-initializer + +oof-cmso-ticketmgt: + enabled: true + certInitializer: + << : *certInitConfig + nameOverride: oof-cmso-ticketmgt-cert-initializer diff --git a/kubernetes/oof/components/oof-has/.helmignore b/kubernetes/oof/components/oof-has/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/oof/components/oof-has/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/oof/charts/oof-has/Chart.yaml b/kubernetes/oof/components/oof-has/Chart.yaml index 3d507e913d..3d507e913d 100755 --- a/kubernetes/oof/charts/oof-has/Chart.yaml +++ b/kubernetes/oof/components/oof-has/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile new file mode 100644 index 0000000000..33d61041cd --- /dev/null +++ b/kubernetes/oof/components/oof-has/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile new file mode 100755 index 0000000000..36ea7b6c2b --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml index 231021ddcd..231021ddcd 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml new file mode 100644 index 0000000000..f9673d5b32 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/NOTES.txt b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt index 1ec56d38b3..1ec56d38b3 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/NOTES.txt +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 7e0a88f94d..491250c72a 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright (C) 2020 Wipro Limited. # Modifications Copyright © 2018 AT&T,VMware @@ -13,8 +14,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -25,6 +27,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -35,7 +40,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - oof-has-controller @@ -47,12 +52,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-onboard" @@ -62,7 +67,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-has-sms-readiness @@ -81,15 +86,16 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] + args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - containerPort: {{ .Values.uwsgi.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -118,13 +124,21 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: log.conf - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} - name: {{ include "common.name" . }}-nginx - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}" + image: {{ include "repositoryGenerator.image.nginx" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt + /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh ports: - containerPort: {{ .Values.service.internalPort }} {{- if .Values.liveness.enabled }} @@ -140,18 +154,19 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf - - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: org.onap.oof.crt - - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: org.onap.oof.key + - mountPath: /tmp/AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer + - mountPath: /tmp/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -163,6 +178,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -176,11 +192,6 @@ spec: path: conductor.conf - key: log.conf path: log.conf - - key: AAF_RootCA.cer - path: AAF_RootCA.cer - - key: org.onap.oof.key - path: org.onap.oof.key - - key: org.onap.oof.crt - path: org.onap.oof.crt +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml index 0cd8cfbd36..2afc5dad2a 100644 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung, Orange +{{/*# Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml index 1e6486a96d..751545ebef 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/service.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index b9efec0b45..46d7172b84 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -15,6 +15,17 @@ global: # global defaults nodePortPrefix: 302 + image: + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' service: type: NodePort @@ -24,9 +35,6 @@ service: nodePort: 75 portName: oof-has-api -#sidecar container image -nginx: - image: bitnami/nginx:1.18-debian-10 #backend container info uwsgi: internalPort: 8080 @@ -65,6 +73,23 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +#sub-charts configuration +certInitializer: + nameOverride: oof-has-cert-initializer + fqdn: "oof.onap" + app_ns: "org.osaaf.aaf" + fqi: "oof@oof.onap.org" + fqi_namespace: org.onap.oof + public_fqdn: "oof.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /opt/bitnami/nginx/ssl + aaf_add_config: > + chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key; + ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml index 91310cb879..91310cb879 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml new file mode 100644 index 0000000000..8fde52a4c6 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 73c8e81cdb..8e0ff1aeb5 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -34,7 +39,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - music-springboot @@ -46,12 +51,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-onboard" @@ -61,7 +66,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-cont-sms-readiness @@ -80,11 +85,11 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - python @@ -124,8 +129,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -150,7 +155,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 0090742852..99dd66cf0f 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -12,6 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + image: + optf_has: onap/optf-has:2.1.2 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml index 23cc3ca73c..23cc3ca73c 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml new file mode 100644 index 0000000000..8fde52a4c6 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index 054d181c96..f4ccd57773 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -34,7 +39,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - music-springboot @@ -44,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-onboard" @@ -59,12 +64,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-healthcheck" @@ -74,7 +79,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-data-sms-readiness @@ -93,12 +98,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - python @@ -144,8 +149,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: aai_key.key - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -174,7 +179,6 @@ spec: path: aai_cert.cer - key: aai_key.key path: aai_key.key - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 0090742852..e7a63c5679 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -12,6 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + image: + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml index bc6db44850..bc6db44850 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml new file mode 100644 index 0000000000..8fde52a4c6 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 335ac4c5a7..4d04b6fe76 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -34,7 +39,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - music-springboot @@ -44,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-onboard" @@ -59,12 +64,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-healthcheck" @@ -74,7 +79,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-resrv-sms-readiness @@ -93,12 +98,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - python @@ -138,8 +143,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -164,8 +169,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer - +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 0090742852..e7a63c5679 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -12,6 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + image: + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml index 8cedfd5b01..8cedfd5b01 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml new file mode 100644 index 0000000000..8fde52a4c6 --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 4c2a345054..6079dcfd6e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -34,7 +39,7 @@ spec: initContainers: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - music-springboot @@ -44,12 +49,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-onboard" @@ -59,12 +64,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-oof-has-healthcheck" @@ -74,7 +79,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-solvr-sms-readiness @@ -93,12 +98,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - python @@ -138,8 +143,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -164,7 +169,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 0090742852..e7a63c5679 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -12,6 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + image: + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + ingress: enabled: false replicaCount: 1 diff --git a/kubernetes/oof/components/oof-has/requirements.yaml b/kubernetes/oof/components/oof-has/requirements.yaml new file mode 100755 index 0000000000..d21a124449 --- /dev/null +++ b/kubernetes/oof/components/oof-has/requirements.yaml @@ -0,0 +1,45 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: music + version: ~6.x-0 + repository: '@local' + - name: oof-has-api + version: ~6.x-0 + repository: 'file://components/oof-has-api' + condition: oof-has-api.enabled + - name: oof-has-controller + version: ~6.x-0 + repository: 'file://components/oof-has-controller' + condition: oof-has-controller.enabled + - name: oof-has-data + version: ~6.x-0 + repository: 'file://components/oof-has-data' + condition: oof-has-data.enabled + - name: oof-has-reservation + version: ~6.x-0 + repository: 'file://components/oof-has-reservation' + condition: oof-has-reservation.enabled + - name: oof-has-solver + version: ~6.x-0 + repository: 'file://components/oof-has-solver' + condition: oof-has-solver.enabled + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/charts/oof-has/resources/config/aai_cert.cer b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer index 4c6eb916e6..4c6eb916e6 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/aai_cert.cer +++ b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer diff --git a/kubernetes/oof/charts/oof-has/resources/config/aai_key.key b/kubernetes/oof/components/oof-has/resources/config/aai_key.key index 246ff6d8cb..246ff6d8cb 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/aai_key.key +++ b/kubernetes/oof/components/oof-has/resources/config/aai_key.key diff --git a/kubernetes/oof/charts/oof-has/resources/config/bundle.pem b/kubernetes/oof/components/oof-has/resources/config/bundle.pem index 60121e751b..60121e751b 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/bundle.pem +++ b/kubernetes/oof/components/oof-has/resources/config/bundle.pem diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index 881ed22562..a259a6d8d0 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware, Intel Corporation. # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} [DEFAULT] @@ -327,6 +329,8 @@ concurrent = true # Minimum value: 1 #max_translation_counter = 1 +# (string value) +opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json [data] @@ -361,7 +365,7 @@ concurrent = true # # Extensions list to use (list value) -#extensions = aai +extensions = aai,generator [messaging_server] diff --git a/kubernetes/oof/charts/oof-has/resources/config/healthcheck.json b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json index 833fa0f5d9..833fa0f5d9 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/healthcheck.json +++ b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json diff --git a/kubernetes/oof/charts/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh index d78777ad1c..9f5309b5d5 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/healthy.sh +++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -13,13 +14,15 @@ # See the License for the specific language governing permissions and # limitations under the License. +*/}} #!/bin/bash - +{{/* # Controller is a process that reads from Music Q # It uses no ports (TCP or HTTP). The PROB will check # if the controller process exists or not. In case # it exists, it will send 0, else send 1 so k8s can i # restart the container +*/}} pid="$(pgrep -f '/usr/local/bin/conductor')" if [ -z "$pid" ] diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf index c476d0b6c8..c9bf3fabc9 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log.conf +++ b/kubernetes/oof/components/oof-has/resources/config/log.conf @@ -1,5 +1,7 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} [loggers] keys=root @@ -25,7 +28,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand [handler_consoleHandler] class=StreamHandler -level=NOTSET +level=INFO formatter=generic args=(sys.stdout,) diff --git a/kubernetes/oof/charts/oof-has/resources/config/log/filebeat.yml b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml index aa19dc2d22..8b1e926e10 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log/filebeat.yml +++ b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index 7b5c3a504c..cbb1b60a58 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf @@ -13,9 +13,9 @@ http { listen 8091 ssl; server_name oof; - ssl_certificate /opt/bitnami/nginx/ssl/org.onap.oof.crt; - ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt; + ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { diff --git a/kubernetes/oof/charts/oof-has/resources/config/onboard.json b/kubernetes/oof/components/oof-has/resources/config/onboard.json index 2c3d69be8d..2c3d69be8d 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/onboard.json +++ b/kubernetes/oof/components/oof-has/resources/config/onboard.json diff --git a/kubernetes/oof/charts/oof-has/templates/configmap.yaml b/kubernetes/oof/components/oof-has/templates/configmap.yaml index 39b69a6817..35581366e6 100755 --- a/kubernetes/oof/charts/oof-has/templates/configmap.yaml +++ b/kubernetes/oof/components/oof-has/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml index 34f215c9ab..49406ba423 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml +++ b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml @@ -33,11 +33,11 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - oof-has-api @@ -48,7 +48,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-healthcheck command: @@ -76,7 +76,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthcheck.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml index ad42a1fe08..a60372f30a 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml @@ -33,11 +33,11 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - "music-springboot" @@ -50,7 +50,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - command: - - /root/job_complete.py + - /app/ready.py args: - -j - "{{ include "common.release" . }}-music-cassandra-job-config" @@ -60,11 +60,11 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-music-db-readiness containers: - - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-onboard command: @@ -81,7 +81,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: onboard.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 309b59ca86..1389044870 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -17,16 +17,21 @@ # Global configuration defaults. ################################################################# global: - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - repository: nexus3.onap.org:10001 commonConfigPrefix: onap-oof-has image: - readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:2.0.4 - filebeat: docker.elastic.co/beats/filebeat:5.5.0 + optf_has: onap/optf-has:2.1.2 + persistence: + enabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' pullPolicy: Always nodePortPrefix: 302 @@ -67,3 +72,20 @@ resources: cpu: 1000m unlimited: {} +#component overrides +oof-has-api: + enabled: true + certSecret: *oof-certs +oof-has-controller: + enabled: true + certSecret: *oof-certs +oof-has-data: + enabled: true + certSecret: *oof-certs +oof-has-reservation: + enabled: true + certSecret: *oof-certs +oof-has-solver: + enabled: true + certSecret: *oof-certs + diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml new file mode 100755 index 0000000000..885491c1a9 --- /dev/null +++ b/kubernetes/oof/components/oof-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP OOF helm templates +name: oof-templates +version: 6.0.0 diff --git a/kubernetes/log/charts/log-elasticsearch/requirements.yaml b/kubernetes/oof/components/oof-templates/requirements.yaml index caff1e5dc4..b93260a4fa 100644..100755 --- a/kubernetes/log/charts/log-elasticsearch/requirements.yaml +++ b/kubernetes/oof/components/oof-templates/requirements.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018 AT&T,VMware # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,3 +17,4 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl new file mode 100644 index 0000000000..4da128bcbb --- /dev/null +++ b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl @@ -0,0 +1,11 @@ +{{- define "oof.certificate.volume" -}} +- name: {{ include "common.fullname" . }}-onap-certs + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }} + items: + - key: aaf_root_ca.cer + path: aaf_root_ca.cer + - key: intermediate_root_ca.pem + path: intermediate_root_ca.pem +{{- end -}} + diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh b/kubernetes/oof/components/oof-templates/values.yaml index 6060fe9b6f..a97238e9af 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh +++ b/kubernetes/oof/components/oof-templates/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,5 +12,3 @@ # See the License for the specific language governing permissions and # limitations under the License. -#! /bin/bash - diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml index ce567f9d3a..a68ce411f1 100755 --- a/kubernetes/oof/requirements.yaml +++ b/kubernetes/oof/requirements.yaml @@ -17,3 +17,20 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: oof-cmso + version: ~6.x-0 + repository: 'file://components/oof-cmso' + condition: oof-cmso.enabled + - name: oof-has + version: ~6.x-0 + repository: 'file://components/oof-has' + condition: oof-has.enabled + - name: oof-templates + version: ~6.x-0 + repository: 'file://components/oof-templates' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/oof/resources/config/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer index e9a50d7ea0..e9a50d7ea0 100755 --- a/kubernetes/oof/resources/config/aaf_root_ca.cer +++ b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..b67866d160 --- /dev/null +++ b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- + diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 9515f30fc0..1109ab8167 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -5,7 +5,7 @@ osdf_system: external: 8698 # clients use this port on DockerHost osdf_ip_default: 0.0.0.0 # # Important Note: At deployment time, we need to ensure the port mapping is done - ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key'] + ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key'] osdf_temp: # special configuration required for "workarounds" or testing local_policies: @@ -40,12 +40,11 @@ osdf_temp: # special configuration required for "workarounds" or testing - vnfPolicy_vPGN_TD.json - affinity_vFW_TD.json - QueryPolicy_vFW_TD.json - - slice_selection_policy_dir_urllc_1: "./test/policy-local-files/" - slice_selection_policy_files_urllc_1: - - vnfPolicy_URLLC_Core_1.json - - thresholdPolicy_URLLC_Core_1.json - - subscriber_policy_URLLC_1.json + slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/" + slice_selection_policy_files_embb-nst: + - query_policy_nsi.json + - threshold_policy_nsi.json + - vnf_policy_nsi_shared_case.json service_info: vCPE: @@ -65,6 +64,15 @@ references: subscriber_role: source: onap.policies.optimization.SubscriberPolicy value: properties.properties.subscriberRole + resource_sharing_level: + source: request + value: serviceProfile.resourceSharingLevel + slice_scope: + source: request + value: slice_scope + reuse_preference: + source: request + value: preferReuse policy_info: prioritization_attributes: @@ -81,9 +89,21 @@ policy_info: policy_scope: - scope: - - OSDF_FRANKFURT + - get_param: slice_scope services: - get_param: service_name + resources: + - get_param: service_name + + subnet_selection: + policy_fetch: by_scope + policy_scope: + - scope: + - OSDF_GUILIN + services: + - get_param: service_name + resources: + - get_param: service_name placement: policy_fetch: by_scope @@ -103,3 +123,13 @@ policy_info: default: # if no explicit service related information is needed policy_fetch: by_name policy_scope: none + +PCI: + ML: + average_ho_threshold: 10000 + latest_ho_threshold: 500 + DES: + service_id: ho_metric + filter: + interval: 10 + ml_enabled: false diff --git a/kubernetes/oof/resources/config/conf/log.yml b/kubernetes/oof/resources/config/conf/log.yml new file mode 100644 index 0000000000..3966ea28c0 --- /dev/null +++ b/kubernetes/oof/resources/config/conf/log.yml @@ -0,0 +1,101 @@ +version: 1 +disable_existing_loggers: True + +loggers: + error: + handlers: [error_handler, console_handler] + level: "WARN" + propagate: True + debug: + handlers: [debug_handler, console_handler] + level: "DEBUG" + propagate: True + metrics: + handlers: [metrics_handler, console_handler] + level: "INFO" + propagate: True + audit: + handlers: [audit_handler, console_handler] + level: "INFO" + propagate: True +handlers: + debug_handler: + level: "DEBUG" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/debug.log" + formatter: "debugFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + error_handler: + level: "WARN" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/error.log" + formatter: "errorFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + metrics_handler: + level: "INFO" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/metrics.log" + formatter: "metricsFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + audit_handler: + level: "INFO" + class: "logging.handlers.TimedRotatingFileHandler" + filename: "logs/audit.log" + formatter: "auditFormat" + when: midnight + interval: 1 + utc: True + delay: False + backupCount: 10 + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "metricsFormat" + +formatters: + standard: + format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" + debugFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + errorFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\ + |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + auditFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ + |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\ + |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ + |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + metricsFormat: + format: "%(mdc)s" + datefmt: "%Y-%m-%dT%H:%M:%S" + mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ + |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\ + |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ + |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + mdcFormat: + format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s" + mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}" + (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter + diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index b544c42e7a..97d037a8f8 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml @@ -48,5 +48,22 @@ configDbUrl: {{ .Values.config.configDbUrl }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} +# AAI api +aaiUrl: {{ .Values.config.aaiUrl }} +aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }} +aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }} +aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }} +controllerQueryUrl: {{ .Values.config.controllerQueryUrl }} +aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }} + +#DES api +desUrl: {{ .Values.config.desUrl }} +desApiPath: {{ .Values.config.desApiPath }} +desHeaders: + Accept: application/json + Content-Type: application/json +desUsername: {{ .Values.config.desUsername }} +desPassword: {{ .Values.config.desPassword }} + #key appkey: '' diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt deleted file mode 100644 index 68f474b44f..0000000000 --- a/kubernetes/oof/resources/config/org.onap.oof.crt +++ /dev/null @@ -1,89 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow -XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 -REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR -UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ -IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB -HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ -LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH -hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib -AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB -Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze -81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw -ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv -bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw -Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv -b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw -aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v -cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt -cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU -FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 -/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My -7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X -koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L -mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 -GsHFjQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- - - diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key deleted file mode 100644 index a83edd1f86..0000000000 --- a/kubernetes/oof/resources/config/org.onap.oof.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ -ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ -CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 -MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK -GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH -KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g -uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q -MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V -SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 -XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY -Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 -0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe -FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 -XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd -8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD -Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx -Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF -nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh -iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 -ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h -MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ -2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w -9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY -vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY -ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC -h+G1ZXD4PyjI6KWhRC3JuA== ------END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml index 75f7e42277..59920a63bd 100644 --- a/kubernetes/oof/templates/configmap.yaml +++ b/kubernetes/oof/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -24,4 +26,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 55c5b0c171..2b1eeba747 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -1,5 +1,7 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,8 +14,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +27,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -33,7 +39,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - policy-xacml-pdp @@ -43,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: @@ -61,14 +67,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}" + image: {{ include "repositoryGenerator.image.curl" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-osdf-sms-readiness - +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt + ./osdfapp.sh -x osdfapp.py ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -87,6 +101,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -94,17 +109,17 @@ spec: name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer - name: {{ include "common.fullname" . }}-config + name: {{ include "common.fullname" . }}-onap-certs subPath: aaf_root_ca.cer - - mountPath: /opt/app/ssl_cert/org.onap.oof.crt - name: {{ include "common.fullname" . }}-config - subPath: org.onap.oof.crt - - mountPath: /opt/app/ssl_cert/org.onap.oof.key - name: {{ include "common.fullname" . }}-config - subPath: org.onap.oof.key + - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml + - mountPath: /opt/osdf/config/log.yml + name: {{ include "common.fullname" . }}-config + subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -117,6 +132,7 @@ spec: {{- end }} volumes: + {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -126,13 +142,10 @@ spec: items: - key: osdf_config.yaml path: osdf_config.yaml - - key: aaf_root_ca.cer - path: aaf_root_ca.cer - key: common_config.yaml path: common_config.yaml - - key: org.onap.oof.crt - path: org.onap.oof.crt - - key: org.onap.oof.key - path: org.onap.oof.key + - key: log.yml + path: log.yml +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/templates/service.yaml b/kubernetes/oof/templates/service.yaml index 9964d8d5c5..0706a8d6d4 100644 --- a/kubernetes/oof/templates/service.yaml +++ b/kubernetes/oof/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 13e0045858..db7c9d2231 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -17,17 +17,25 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/config/certs/intermediate_root_ca.pem + - resources/config/certs/aaf_root_ca.cer + ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/optf-osdf:2.0.4 +image: onap/optf-osdf:3.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -79,12 +87,42 @@ config: configDbUrl: http://config.db.url:8080 configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' + #aai api + aaiUrl: https://aai:8443 + aaiGetLinksUrl: /aai/v16/network/logical-links + aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/ + aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list + controllerQueryUrl: /aai/v19/query?format=resource + aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up + #des api + desUrl: https://des.url:9000 + desApiPath: /datalake/v1/exposure/ + desUsername: '' + desPassword: '' # default number of instances replicaCount: 1 nodeSelector: {} affinity: {} # Resource Limit flavor -By Default using small flavor: small + +#sub-charts configuration +certInitializer: + nameOverride: oof-osdf-cert-initializer + fqdn: "oof.onap" + app_ns: "org.osaaf.aaf" + fqi: "oof@oof.onap.org" + fqi_namespace: org.onap.oof + public_fqdn: "oof.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /opt/osdf/osaaf + aaf_add_config: > + chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key; + # Segregation for Different environment (Small and Large) resources: small: @@ -126,3 +164,11 @@ ingress: port: 8698 config: ssl: "redirect" + +#component overrides + +oof-cmso: + enabled: true +oof-has: + enabled: true + certSecret: *oof-certs diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/data-router.properties b/kubernetes/platform/.gitignore index e69de29bb2..e69de29bb2 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/config/data-router.properties +++ b/kubernetes/platform/.gitignore diff --git a/kubernetes/vfc/charts/vfc-vnfres/.helmignore b/kubernetes/platform/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/.helmignore +++ b/kubernetes/platform/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml b/kubernetes/platform/Chart.yaml index d4c264f713..000f3b3fda 100644 --- a/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml +++ b/kubernetes/platform/Chart.yaml @@ -1,5 +1,6 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2018 ZTE +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +15,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP DCAE Redis -name: dcae-redis +description: ONAP platform components +name: platform version: 6.0.0 diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile new file mode 100644 index 0000000000..c5dd3f2df5 --- /dev/null +++ b/kubernetes/platform/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics, Orange, Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile new file mode 100644 index 0000000000..2fd1980ed0 --- /dev/null +++ b/kubernetes/platform/components/Makefile @@ -0,0 +1,57 @@ +# Copyright © 2020 Samsung Electronics +# Modifications Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore index f0c1319444..50af031725 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/.helmignore +++ b/kubernetes/platform/components/oom-cert-service/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +.vscode/ diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/platform/components/oom-cert-service/Chart.yaml index 525b2ac4b6..dd99988868 100644 --- a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml +++ b/kubernetes/platform/components/oom-cert-service/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP AAF Cert Service -name: aaf-cert-service -version: 6.0.0 +description: ONAP Cert Service +name: oom-cert-service +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile new file mode 100644 index 0000000000..736a19fbd4 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -0,0 +1,153 @@ +CERTS_DIR = resources +CURRENT_DIR := ${CURDIR} +DOCKER_CONTAINER = generate-certs +DOCKER_EXEC = docker exec ${DOCKER_CONTAINER} + +all: start_docker \ + clear_all \ + root_generate_keys \ + root_create_certificate \ + root_self_sign_certificate \ + client_generate_keys \ + client_generate_csr \ + client_sign_certificate_by_root \ + client_import_root_certificate \ + client_convert_certificate_to_jks \ + server_generate_keys \ + server_generate_csr \ + server_sign_certificate_by_root \ + server_import_root_certificate \ + server_convert_certificate_to_jks \ + server_convert_certificate_to_p12 \ + clear_unused_files \ + stop_docker + +.PHONY: all + +# Starts docker container for generating certificates - deletes first, if already running +start_docker: + @make stop_docker + $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2)) + $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2)) + $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) + $(eval USERNAME :=$(shell id -u)) + $(eval GROUP :=$(shell id -g)) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) + +# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted +stop_docker: + docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true + +#Clear all files related to certificates +clear_all: + @make clear_existing_certificates + @make clear_unused_files + +#Clear certificates +clear_existing_certificates: + @echo "Clear certificates" + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + @echo "#####done#####" + +#Generate root private and public keys +root_generate_keys: + @echo "Generate root private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "#####done#####" + +#Export public key as certificate +root_create_certificate: + @echo "(Export public key as certificate)" + ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "#####done#####" + +#Self-signed root (import root certificate into truststore) +root_self_sign_certificate: + @echo "(Self-signed root (import root certificate into truststore))" + ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "#####done#####" + +#Generate certService's client private and public keys +client_generate_keys: + @echo "Generate certService's client private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "####done####" + +#Generate certificate signing request for certService's client +client_generate_csr: + @echo "Generate certificate signing request for certService's client" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr + @echo "####done####" + +#Sign certService's client certificate by root CA +client_sign_certificate_by_root: + @echo "Sign certService's client certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "####done####" + +#Import root certificate into client +client_import_root_certificate: + @echo "Import root certificate into intermediate" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService's client +client_convert_certificate_to_jks: + @echo "Import signed certificate into certService's client" + ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "####done####" + +#Generate certService private and public keys +server_generate_keys: + @echo "Generate certService private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "####done####" + +#Generate certificate signing request for certService +server_generate_csr: + @echo "Generate certificate signing request for certService" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr + @echo "####done####" + +#Sign certService certificate by root CA +server_sign_certificate_by_root: + @echo "Sign certService certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" + @echo "####done####" + +#Import root certificate into server +server_import_root_certificate: + @echo "Import root certificate into intermediate(server)" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService +server_convert_certificate_to_jks: + @echo "Import signed certificate into certService" + ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ + -storepass secret -noprompt + @echo "####done####" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +server_convert_certificate_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ + -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Clear unused certificates +clear_unused_files: + @echo "Clear unused certificates" + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "#####done#####" diff --git a/kubernetes/platform/components/oom-cert-service/requirements.yaml b/kubernetes/platform/components/oom-cert-service/requirements.yaml new file mode 100644 index 0000000000..26bc7a64d8 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json index 358f2a82c7..358f2a82c7 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json index 06e1087f60..06e1087f60 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index a44066461b..c4d7440b20 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} apiVersion: apps/v1 @@ -43,7 +43,7 @@ spec: initContainers: - name: wait-for-ejbca command: - - /root/ready.py + - /app/ready.py args: - --container-name - ejbca-ejbca @@ -53,10 +53,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: subsitute-envs - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] volumeMounts: @@ -78,7 +78,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} env: diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml new file mode 100644 index 0000000000..ba12874eb6 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml @@ -0,0 +1,31 @@ +{{/* + # Copyright © 2020, Nokia + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} + +{{- if .Values.global.offlineDeploymentBuild }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ end -}} diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml index ac92f56487..280922a014 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.secretFast" . }} @@ -31,7 +31,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} + name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} type: Opaque data: certServiceClient-keystore.jks: diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml index 60e2afa41d..5ae6b36dad 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +{{/*# Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +11,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License.*/}} {{- if .Values.global.cmpv2Enabled }} {{ include "common.service" . }} {{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index ee3beffd7f..ee51ec7a7d 100644 --- a/kubernetes/aaf/components/aaf-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2020, Nokia # Modifications Copyright © 2020, Nordix Foundation, Orange +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,25 +16,13 @@ # Global global: - envsubstImage: dibi/envsubst nodePortPrefix: 302 - # Readiness image - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - # Ubuntu Init image - ubuntuInitRepository: registry.hub.docker.com - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" repository: "nexus3.onap.org:10001" + offlineDeploymentBuild: false # Service configuration @@ -44,10 +33,12 @@ service: port: 8443 port_protocol: http +# Certificates generation configuration +certificateGenerationImage: onap/integration-java11:7.1.0 # Deployment configuration -repository: nexus3.onap.org:10001 -image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0 +repository: "nexus3.onap.org:10001" +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 pullPolicy: Always replicaCount: 1 @@ -82,21 +73,21 @@ resources: # Application configuration cmpServers: secret: - name: aaf-cert-service-secret + name: oom-cert-service-secret volume: - name: aaf-cert-service-volume - mountPath: /etc/onap/aaf/certservice + name: oom-cert-service-volume + mountPath: /etc/onap/oom/certservice tls: server: secret: - name: aaf-cert-service-server-tls-secret + name: oom-cert-service-server-tls-secret volume: - name: aaf-cert-service-server-tls-volume - mountPath: /etc/onap/aaf/certservice/certs/ + name: oom-cert-service-server-tls-volume + mountPath: /etc/onap/oom/certservice/certs/ client: secret: - defaultName: aaf-cert-service-client-tls-secret + defaultName: oom-cert-service-client-tls-secret envs: keystore: @@ -117,9 +108,10 @@ credentials: #truststorePasswordExternalSecret: # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled cmp: - #clientIakExternalSecret: + # Used only if cmpv2 testing is enabled + clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak' #clientRvExternalSecret: - #raIakExternalSecret: + raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak' #raRvExternalSecret: client: {} # iak: mypassword diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml new file mode 100644 index 0000000000..648197898d --- /dev/null +++ b/kubernetes/platform/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: oom-cert-service + version: ~6.x-0 + repository: 'file://components/oom-cert-service'
\ No newline at end of file diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml new file mode 100644 index 0000000000..d21fb791e2 --- /dev/null +++ b/kubernetes/platform/values.yaml @@ -0,0 +1,62 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T +# Modifications Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +global: + nodePortPrefix: 302 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + + cmpv2Enabled: true + addTestingComponents: false + + certService: + certServiceClient: + secret: + name: oom-cert-service-client-tls-secret + +################################################################# +# Application configuration defaults. +################################################################# + +flavor: small +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 350 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 150 + periodSeconds: 10 + +persistence: {} + +resources: {} diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/Chart.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/Chart.yaml deleted file mode 100644 index 77f4f7ff88..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v1 -description: ONAP DCAE PNDA Bootstrap -name: dcae-pnda-bootstrap -version: 6.0.0 diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/requirements.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/requirements.yaml deleted file mode 100644 index 9f6d817592..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/requirements.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/inputs/pnda_env.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/inputs/pnda_env.yaml deleted file mode 100644 index 555b9e4de4..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/inputs/pnda_env.yaml +++ /dev/null @@ -1,230 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -infrastructure : - # infrastructure used for pnda deployment - # Valid Values are: - # - aws - # - openstack - # - existing-machines - # - terraform - INFRASTRUCTURE_TYPE: openstack - - # The user name to use when logging into the instances - # For aws target user-name allowed : - # Target AWS Openstack - # - # Distro Redhat: ec2-user cloud-user - # CentOS: centos cloud-user - OS_USER: {{ .Values.pnda.osUser }} - - # CIDR specifying the address range for the network containing all PNDA instances - networkCidr: {{ .Values.pnda.networkCidr }} - -openstack_parameters: - # KEYSTONE_USER: Username for the openstack clients to use - KEYSTONE_USER: {{ .Values.openstack.keystoneUser }} - - # KEYSTONE_PASSWORD: Password for the openstack clients to use - KEYSTONE_PASSWORD: {{ .Values.openstack.keystonePassword }} - - # KEYSTONE_TENANT: Name of the tenant / project in the openstack environment. The - # PNDA stack will be created in this project. - KEYSTONE_TENANT: {{ .Values.openstack.keystoneTenant }} - - # KEYSTONE_AUTH_URL: Keystone authentication URL. The Openstack console provides this - # under the Access & Security section. - KEYSTONE_AUTH_URL: {{ .Values.openstack.keystoneAuthUrl }} - - # KEYSTONE_AUTH_VERSION: Keystone authentication version. The Openstack console provides this - # under the Access & Security section. - KEYSTONE_AUTH_VERSION: '2' - - # KEYSTONE_REGION_NAME: Keystone region. The Openstack console provides this - # under the Access & Security section. - KEYSTONE_REGION_NAME: {{ .Values.openstack.keystoneRegion }} - - # imageId: Base image to use for the created instances. It should be created by - # following the guide in https://github.com/pndaproject/pnda-dib-elements - # - imageId: {{ .Values.openstack.imageId }} - - # CIDR specifying the address range that may access the created PNDA instances - whitelistSshAccess: {{ .Values.openstack.whitelistSshAccess }} - - # UUID of the public network in openstack to use - externalPublicNetworkId: {{ .Values.openstack.publicNetworkId }} - - useExistingNetwork: {{ .Values.openstack.useExistingNetwork }} - - existingNetworkId: {{ .Values.openstack.existingNetworkId }} - - existingSubnetId: {{ .Values.openstack.existingSubnetId }} - - # CIDR specifying the address range for the public subnet (bastion access) - publicSubnetCidr: {{ .Values.openstack.publicSubnetCidr }} - -platform_salt: - # Use either PLATFORM_GIT_REPO_URI + PLATFORM_GIT_BRANCH or PLATFORM_SALT_LOCAL - PLATFORM_SALT_LOCAL: /platform-salt - -pnda_application_repo: - # Type of storage to use for PNDA application packages - # s3 - AWS S3. Also set PNDA_APPS_CONTAINER, PNDA_APPS_FOLDER, PNDA_APPS_REGION, PNDA_APPS_ACCESS_KEY_ID, PNDA_APPS_SECRET_ACCESS_KEY - # sshfs - standard file system. Also set PR_FS_LOCATION_PATH, PR_SSHFS_USER, PR_SSHFS_HOST, PR_SSHFS_PATH and PR_SSHFS_KEY - # local - local filesystem on the package repository service server. Also set PR_FS_LOCATION_PATH. - # swift - Openstack swift. Also set PNDA_APPS_CONTAINER and PNDA_APPS_FOLDER - PR_FS_TYPE: {{ .Values.pnda.apps.fsType }} - - # S3 container to use for PNDA application packages - PNDA_APPS_CONTAINER: {{ .Values.pnda.apps.s3container }} - - # Name of folder within PNDA_APPS_CONTAINER that contains the PNDA application packages - PNDA_APPS_FOLDER: {{ .Values.pnda.apps.s3folder }} - - # AWS region that contains the PNDA_APPS_CONTAINER bucket - PNDA_APPS_REGION: {{ .Values.pnda.apps.s3region }} - - # API key for s3 access to PNDA_APPS_CONTAINER. These keys are stored on the cloud instances so should be restricted - # only allow access to the PNDA_APPS_CONTAINER bucket - PNDA_APPS_ACCESS_KEY_ID: {{ .Values.pnda.apps.s3keyid }} - PNDA_APPS_SECRET_ACCESS_KEY: {{ .Values.pnda.apps.s3secret }} - - # Path on file system if PR_FS_TYPE is 'local' or 'sshfs' - PR_FS_LOCATION_PATH: {{ .Values.pnda.apps.fsLocation | print "/opt/pnda/packages" }} - - # SSH accessed file system to use for PNDA application packages - PR_SSHFS_USER: centos - PR_SSHFS_HOST: 127.0.0.1 - PR_SSHFS_PATH: /mnt/packages - PR_SSHFS_KEY: key.pem - -pnda_data_archive: - # S3 container to use for archiving PNDA datasets - PNDA_ARCHIVE_CONTAINER: pnda-archive - - # AWS region that contains the PNDA_ARCHIVE_CONTAINER bucket - PNDA_ARCHIVE_REGION: eu-west-1 - - # API key for s3 access to PNDA_ARCHIVE_CONTAINER. These keys are stored on the cloud instances so should be restricted - # only allow access to the PNDA_ARCHIVE_CONTAINER bucket - PNDA_ARCHIVE_ACCESS_KEY_ID: xxxx - PNDA_ARCHIVE_SECRET_ACCESS_KEY: xxxx - -ntp: - # Optional ntp servers. Use this if the standard NTP servers on the Internet cannot be reached - # and a local NTP server has been configured. PNDA will not work without NTP. - # example format: 'xxx.ntp.org' - #For REJECT_OUTBOUND="YES" then NTP server/s must. - NTP_SERVERS: - - {{ .Values.pnda.ntp }} - -dns: - # External DNS servers list - nameServers: - - {{ .Values.pnda.nameserver }} - -mirrors: - # Mirror of resources required for provisioning PNDA, see PNDA guide for instructions on how to set this up - PNDA_MIRROR: - -hadoop: - # Hadoop distribution to install - # Valid values are: - # - HDP - # - CDH - HADOOP_DISTRO: HDP - # Spark version to enable for oozie (HDP only) - # Valid values are: - # - 1 - # - 2 - OOZIE_SPARK_VERSION: 1 - -connectivity: - # The IP address of the client that created PNDA - CLIENT_IP: {{ .Values.pnda.outboundCidr }} - # Add online repositories for yum, apt-get, pip, etc alongside PNDA mirror - ADD_ONLINE_REPOS: "YES" - # RPM Extras repository to enable when ADD_ONLINE_REPOS=YES - RPM_EXTRAS_REPO_NAME: rhui-REGION-rhel-server-optional - # RPM Optional repository to enable when ADD_ONLINE_REPOS=YES - RPM_OPTIONAL_REPO_NAME: rhui-REGION-rhel-server-extras - -network_interfaces: - PNDA_INTERNAL_NETWORK: eth0 - PNDA_INGEST_NETWORK: eth0 - -cli: - # Maximum number of outbound connections that the CLI will attempt to open at once - # Consider increasing this when creating clusters with more than 100 nodes to speed - # up PNDA creation time. - MAX_SIMULTANEOUS_OUTBOUND_CONNECTIONS: 100 - -security: - # The path were to find the security material (certificate/key). - # The directory should be structured as defined in this' repo's directory structure with the same name. - # The security material should conform to the guidelines defined in the README.md file in - # the containing sub directory. - SECURITY_MATERIAL_PATH: ./platform-certificates/ - - # Address of LDAP server - # All instances will have PAM configured to authenticate with this LDAP server if set - # Leave blank to disable LDAP-PAM integration - LDAP_SERVER: '' - - # Base DN for LDAP server to use when enabling client PAM integration with LDAP - LDAP_BASE_DN: dc=nodomain - -features: - # Include experimental features. - # Set to "NO", omit setting or omit features section entirely to turn off experimental features - EXPERIMENTAL_FEATURES: "NO" - -domain: - # Top-level domain - TOP_LEVEL_DOMAIN: pnda.local - - # Second-level domain - SECOND_LEVEL_DOMAIN: dc1 - -dataset_compaction: - # Enable/Disable compaction on datasets. - # "YES" to enable. - # "NO" to disable. - COMPACTION: "NO" - # If compaction is enabled, PATTERN sets the frequency of compaction. - # H - hourly compaction. - # d - daily compaction. - # M - monthly compaction. - # Y - yearly compaction. - PATTERN: d - -datanode: - # DATANODE_VOLUME_COUNT sets the number of data volumes on each hadoop datanode - DATA_VOLUME_COUNT: 1 - # DEVICE_ROOT sets the disk device root name - DEVICE_ROOT: xvdb - -kafka: - # DATA_DIRS sets the data dirs on kafka node - KAFKA_DATA_DIRS: - - /var/kafka-logs - # DEVICE_ROOT sets the disk device root name - KAFKA_DEVICE_ROOT: xvdb - -generic: - #GENERIC_DEVICE_ROOT sets the disk device root name for generic instances. - GENERIC_DEVICE_ROOT: xvdb diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh deleted file mode 100755 index ab7eaa3f76..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/sh -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -# Install PNDA in Openstack with Heat templates -# Expects: -# Input files for components to be installed in /inputs - -if [ "z{{ .Values.enabled }}" != "ztrue" ] -then - echo - echo "PNDA bootstrap is disabled - skipping pnda-cli launch" - echo - exit 0 -fi - -set -ex - -CLUSTER_PREFIX="{{ include "common.release" . }}-{{ include "common.namespace" . }}-pnda" -DATANODES="{{ .Values.pnda.dataNodes }}" -KAFKANODES="{{ .Values.pnda.kafkaNodes }}" -VERSION="{{ .Values.pnda.version }}" -KEYPAIR_NAME="{{ .Values.pnda_keypair_name }}" -KEYFILE="$KEYPAIR_NAME.pem" - -cd /pnda-cli - -cp /inputs/pnda_env.yaml . -cp /secrets/pnda.pem $KEYFILE -chmod 600 $KEYFILE - -(cd tools && ./gen-certs.py) - -KUBE_API="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT_HTTPS/api/v1" -KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) - -for i in 1 2 3 4 5 6 7 8 9 -do - MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \ - --header "Authorization: Bearer $KUBE_TOKEN" \ - --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP') - MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \ - --header "Authorization: Bearer $KUBE_TOKEN" \ - --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort') - - if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then - PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT" - break - fi - sleep 5 -done - -[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; } - -sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh - -./cli/pnda-cli.py create -e $CLUSTER_PREFIX -f pico -n $DATANODES -k $KAFKANODES \ - -b $VERSION -s $KEYPAIR_NAME --set "mirrors.PNDA_MIRROR=$PNDA_MIRROR" diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/configmap.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/configmap.yaml deleted file mode 100644 index d1f00027c3..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/configmap.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-inputs - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/inputs/*").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-scripts - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-secrets - namespace: {{ include "common.namespace" . }} -data: - pnda.pem: | -{{ .Values.pnda_secret | indent 4 }} - diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/job.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/job.yaml deleted file mode 100644 index 8dd83846b9..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/job.yaml +++ /dev/null @@ -1,87 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - completions: 1 - backoffLimit: 0 - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - restartPolicy: Never - initContainers: - - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - dcae-pnda-mirror - - "-t" - - "75" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /inputs - name: {{ include "common.fullname" . }}-inputs - - mountPath: /scripts - name: {{ include "common.fullname" . }}-scripts - - mountPath: /secrets - name: {{ include "common.fullname" . }}-secrets - - mountPath: /pnda-cli/cli/logs - name: {{ include "common.fullname" . }}-logs - command: - - "/scripts/bootstrap.sh" - volumes: - - name: {{ include "common.fullname" . }}-inputs - configMap: - name: {{ include "common.fullname" . }}-inputs - - name: {{ include "common.fullname" . }}-scripts - configMap: - name: {{ include "common.fullname" . }}-scripts - defaultMode: 0755 - - name: {{ include "common.fullname" . }}-secrets - configMap: - name: {{ include "common.fullname" . }}-secrets - - name: {{ include "common.fullname" . }}-logs - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pv.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pv.yaml deleted file mode 100644 index 75ee218bd7..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/templates/pv.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - storageClassName: manual - capacity: - storage: {{ .Values.persistence.size }} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml deleted file mode 100644 index da5f7a14e4..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml +++ /dev/null @@ -1,96 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - -################################################################# -# PNDA configuration defaults. -################################################################# - -enabled: false - -pnda: - version: release/5.0 - dataNodes: 2 - kafkaNodes: 1 - osUser: centos - nameserver: 8.8.8.8 - ntp: pool.ntp.org - apps: - fsType: local - networkCidr: 10.0.0.0/16 - outboundCidr: 0.0.0.0/0 - -pnda_keypair_name: pnda -pnda_secret: replace-me - -################################################################# -# Openstack connection params. -################################################################# - -openstack: - keystoneUser: onap - keystonePassword: onap - keystoneTenant: onap - keystoneAuthUrl: 'http://10.60.18.18:5000/v2.0/' - keystoneRegion: regionOne - imageId: id_of_image - publicNetworkId: id_of_public_network - useExistingNetwork: true - existingNetworkId: id_of_onap_network - existingSubnetId: id_of_onap_subnet - whitelistSshAccess: 0.0.0.0/0 - publicSubnetCidr: 10.0.0.0/24 - -################################################################# -# Application configuration defaults. -################################################################# -# application image - - -repository: pndareg.ctao6.net -image: onap/org.onap.dcaegen2.deployments.pnda-bootstrap-container:6.0.0 -pullPolicy: Always - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: dcae-pnda-bootstrap/logs diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/Chart.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/Chart.yaml deleted file mode 100644 index 16ee1a6fe2..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-mirror/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v1 -description: ONAP DCAE PNDA Mirror -name: dcae-pnda-mirror -version: 6.0.0 diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/requirements.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/requirements.yaml deleted file mode 100644 index 9f6d817592..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-mirror/requirements.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/deployment.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/deployment.yaml deleted file mode 100644 index c328644122..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/deployment.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: 1 - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml deleted file mode 100644 index e3308184fa..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml deleted file mode 100644 index b9d6cb9234..0000000000 --- a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml +++ /dev/null @@ -1,75 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image - -repository: pndareg.ctao6.net -image: onap/org.onap.dcaegen2.deployments.pnda-mirror-container:6.0.0 -pullPolicy: Always - -# application configuration -# Example: -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 15 - periodSeconds: 10 - -service: - type: NodePort - portName: dcae-pnda-mirror - nodePort: "00" - externalPort: 80 - internalPort: 80 - -## Persist data to a persitent volume -persistence: - enabled: false - -ingress: - enabled: false - -resources: {} diff --git a/kubernetes/pnda/requirements.yaml b/kubernetes/pnda/requirements.yaml deleted file mode 100644 index 9f6d817592..0000000000 --- a/kubernetes/pnda/requirements.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# ================================================================================ -# Copyright (c) 2018 Cisco Systems. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/policy/.helmignore b/kubernetes/policy/.helmignore index f0c1319444..7ddbad7ef4 100644..100755 --- a/kubernetes/policy/.helmignore +++ b/kubernetes/policy/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index f98bcd6fdd..57dd77ec37 100644..100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy Administration Point +description: ONAP Policy name: policy version: 6.0.0 diff --git a/kubernetes/policy/Makefile b/kubernetes/policy/Makefile new file mode 100755 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/policy/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh deleted file mode 100644 index d7b27a071c..0000000000 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - -PROPS_BUILD="${POLICY_HOME}/etc/build.info" - -PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties" -PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties" - - -if [ ! -f "${PROPS_BUILD}" ]; then - echo "error: version information does not exist: ${PROPS_BUILD}" - exit 1 -fi - -source "${POLICY_HOME}/etc/build.info" - -if [ -z "${version}" ]; then - echo "error: no version information present" - exit 1 -fi - -for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do - if [ ! -f "${CONFIG}" ]; then - echo "warning: configuration does not exist: ${CONFIG}" - else - sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}" - fi -done diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf deleted file mode 100644 index a0e5d1ec87..0000000000 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# BRMSpep component installation configuration parameters -BRMSGW_JMX_PORT=9989 - -COMPONENT_X_MX_MB=1024 -COMPONENT_X_MS_MB=1024 - -REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ - -PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} -PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} -PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} -PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} - -M2_HOME=/usr/share/java/maven-3 -snapshotRepositoryID=policy-nexus-snapshots -snapshotRepositoryName=Snapshots -snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots -releaseRepositoryID=policy-nexus-releases -releaseRepositoryName=Releases -releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases -repositoryUsername=${REPOSITORY_USERNAME} -repositoryPassword=${REPOSITORY_PASSWORD} -UEB_URL=message-router -UEB_TOPIC=PDPD-CONFIGURATION -UEB_API_KEY= -UEB_API_SECRET= - -groupID=org.onap.policy-engine -artifactID=drlPDPGroup -AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam -AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules - -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=brmsgw_1 -node_type=brms_gateway - -#Environment should be Set either DEV, TEST or PROD -ENVIRONMENT=TEST - -#Notification Properties... type can be either websocket, ueb, or dmaap -BRMS_NOTIFICATION_TYPE=websocket -BRMS_UEB_URL=message-router -BRMS_UEB_TOPIC=PDPD-CONFIGURATION -BRMS_UEB_DELAY= -BRMS_CLIENT_ID=python -BRMS_CLIENT_KEY=dGVzdA== -BRMS_UEB_API_KEY= -BRMS_UEB_API_SECRET= - -#Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.6.4 -BRMS_MODELS_DEPENDENCY_VERSION=2.2.6 diff --git a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt b/kubernetes/policy/charts/brmsgw/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml b/kubernetes/policy/charts/brmsgw/templates/configmap.yaml deleted file mode 100644 index 9e515917a0..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} - diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml deleted file mode 100644 index 7dd96926ce..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ /dev/null @@ -1,174 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - - name: REPOSITORY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - - name: REPOSITORY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/pe - name: pe-input - - mountPath: /config-input/pe-brmsgw - name: pe-brmsgw-input - - mountPath: /config/pe - name: pe - - mountPath: /config/pe-brmsgw - name: pe-brmsgw - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.pap.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - brmsgw - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - - name: REPOSITORY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - - name: REPOSITORY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh - name: pe-brmsgw - subPath: brmsgw-tweaks.sh - - mountPath: /tmp/policy-install/config/brmsgw.conf - name: pe-brmsgw - subPath: brmsgw.conf - - mountPath: /tmp/policy-install/config/base.conf - name: pe - subPath: base.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: pe-input - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-brmsgw-input - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe - emptyDir: - medium: Memory - - name: pe-brmsgw - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml deleted file mode 100644 index 70a2e3e855..0000000000 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - envsubstImage: dibi/envsubst - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: pdp-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' - login: '{{ .Values.pdp.pdphttpuserid }}' - password: '{{ .Values.pdp.pdphttppassword }}' - passwordPolicy: required - - uid: pap-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' - login: '{{ .Values.pap.pdppappdphttpuserid }}' - password: '{{ .Values.pap.pdppappdphttppassword }}' - passwordPolicy: required - - uid: nexus-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}' - login: '{{ .Values.nexus.repositoryUsername }}' - password: '{{ .Values.nexus.repositoryPassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - papPort: 9091 - pdpPort: 8081 - nexusPort: 8081 - -db: - user: policy_user - password: policy_user -pdp: - pdphttpuserid: testpdp - pdphttppassword: alpha123 -pap: - pdppappdphttpuserid: testpap - pdppappdphttppassword: alpha123 -nexus: - repositoryUsername: admin - repositoryPassword: admin123 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - -service: - type: ClusterIP - name: brmsgw - portName: brmsgw - externalPort: 9989 - internalPort: 9989 - nodePort: 16 - - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 0.5Gi - large: - limits: - cpu: 2 - memory: 4Gi - requests: - cpu: 20m - memory: 1Gi - unlimited: {} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt b/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt deleted file mode 100644 index 5d0107eb99..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties deleted file mode 100644 index 189248ffb3..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties +++ /dev/null @@ -1,47 +0,0 @@ -### -# ============LICENSE_START======================================================= -# feature-healthcheck -# ================================================================================ -# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -http.server.services=HEALTHCHECK -http.server.services.HEALTHCHECK.host=0.0.0.0 -http.server.services.HEALTHCHECK.port=6969 -http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck -http.server.services.HEALTHCHECK.managed=false -http.server.services.HEALTHCHECK.swagger=true -http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER} -http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD} -http.server.services.HEALTHCHECK.https=true -http.server.services.HEALTHCHECK.aaf=${envd:AAF:false} -http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler - -http.client.services=PAP - -http.client.services.PAP.host={{ .Values.global.pap.nameOverride }} -http.client.services.PAP.port=9091 -http.client.services.PAP.contextUriPath=pap/test -http.client.services.PAP.https=true -http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME} -http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD} - -http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }} -http.client.services.PDP.port=8081 -http.client.services.PDP.contextUriPath=pdp/test -http.client.services.PDP.https=true -http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME} -http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD} diff --git a/kubernetes/policy/charts/pap/templates/NOTES.txt b/kubernetes/policy/charts/pap/templates/NOTES.txt deleted file mode 100644 index 170b03e6db..0000000000 --- a/kubernetes/policy/charts/pap/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml b/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml deleted file mode 100644 index daa4112e51..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<configuration scan="true" scanPeriod="3 seconds" debug="true"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pdp-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger name="com.att.eelf.error" level="info" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger name="com.att.eelf.debug" level="debug" additivity="false"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf deleted file mode 100644 index bb12880ca7..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# pdp component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9991 -TOMCAT_SHUTDOWN_PORT=8087 -SSL_HTTP_CONNECTOR_PORT=8081 -SSL_AJP_CONNECTOR_PORT=8381 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pdp properties - -UEB_CLUSTER=message-router - -REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/ -REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config -REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps -REST_PDP_REGISTER=true -REST_PDP_REGISTER_SLEEP=15 -REST_PDP_REGISTER_RETRIES=-1 -REST_PDP_MAXCONTENT=999999999 - -# PDP related properties -PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} -PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} -PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} -PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} - -node_type=pdp_xacml -resource_name=pdp_1 -dependency_groups=brmsgw_1 -test_via_jmx=true - -# -# Notification Properties -# Notification type: websocket, ueb or dmaap... if left blank websocket is the default -PDP_NOTIFICATION_TYPE=websocket -PDP_UEB_CLUSTER= -PDP_UEB_TOPIC= -PDP_UEB_DELAY= -PDP_UEB_API_KEY= -PDP_UEB_API_SECRET= -PDP_DMAAP_AAF_LOGIN= -PDP_DMAAP_AAF_PASSWORD= - -#AAF Policy Name space -#Required only, when we use AAF -POLICY_AAF_NAMESPACE= -POLICY_AAF_RESOURCE= - -# Indeterminate resolution -DECISION_INDETERMINATE_RESPONSE=PERMIT diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf deleted file mode 100644 index e7171c280e..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM specific parameters -LOGPARSER_JMX_PORT=9997 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/ -LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log -PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=pdplp_1 diff --git a/kubernetes/policy/charts/pdp/templates/NOTES.txt b/kubernetes/policy/charts/pdp/templates/NOTES.txt deleted file mode 100644 index 868bb33d2b..0000000000 --- a/kubernetes/policy/charts/pdp/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ - -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/pdp/templates/service.yaml b/kubernetes/policy/charts/pdp/templates/service.yaml deleted file mode 100644 index 864676ad6f..0000000000 --- a/kubernetes/policy/charts/pdp/templates/service.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/pdp", - "protocol": "REST", - "port": "{{ .Values.service.externalPort }}", - "visualRange":"1" - }, - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - sessionAffinity: None - clusterIP: None diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml deleted file mode 100644 index 7e99b1bac0..0000000000 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ /dev/null @@ -1,184 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/pe - name: pe-input - - mountPath: /config-input/pe-pdp - name: pe-pdp-input - - mountPath: /config/pe - name: pe - - mountPath: /config/pe-pdp - name: pe-pdp - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.pap.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - pdp - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/base.conf - name: pe - subPath: base.conf - - mountPath: /tmp/policy-install/config/pdp-tweaks.sh - name: pe-pdp-input - subPath: pdp-tweaks.sh - - mountPath: /tmp/policy-install/config/pdplp.conf - name: pe-pdp - subPath: pdplp.conf - - mountPath: /tmp/policy-install/config/pdp.conf - name: pe-pdp - subPath: pdp.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /tmp/logback.xml - name: policy-logback - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - - name: policy-logback - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: pe-input - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-pdp-input - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe - emptyDir: - medium: Memory - - name: pe-pdp - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml deleted file mode 100644 index 8921eabf81..0000000000 --- a/kubernetes/policy/charts/pdp/values.yaml +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018,2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: pdp-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' - login: '{{ .Values.pdp.pdphttpuserid }}' - password: '{{ .Values.pdp.pdphttppassword }}' - passwordPolicy: required - - uid: pap-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' - login: '{{ .Values.pap.pdppappdphttpuserid }}' - password: '{{ .Values.pap.pdppappdphttppassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration - -db: - user: policy_user - password: policy_user -pdp: - pdphttpuserid: testpdp - pdphttppassword: alpha123 -pap: - pdppappdphttpuserid: testpap - pdppappdphttppassword: alpha123 - -config: - papPort: 9091 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: pdp - portName: pdp - internalPort: 8081 - externalPort: 8081 - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-api/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-common/Chart.yaml b/kubernetes/policy/charts/policy-common/Chart.yaml deleted file mode 100644 index 0af8e01b51..0000000000 --- a/kubernetes/policy/charts/policy-common/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Policy Common -name: policy-common -version: 6.0.0 diff --git a/kubernetes/policy/charts/policy-common/requirements.yaml b/kubernetes/policy/charts/policy-common/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/policy-common/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 258b654f6f..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf deleted file mode 100644 index 810b090069..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -JAVA_HOME=/usr/local/openjdk-11 -POLICY_HOME=/opt/app/policy -POLICY_LOGS=/var/log/onap -KEYSTORE_PASSWD=Pol1cy_0nap -TRUSTSTORE_PASSWD=Pol1cy_0nap - -JDBC_DRIVER=org.mariadb.jdbc.Driver -JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 -JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 - -JDBC_USER=${JDBC_USER} -JDBC_PASSWORD=${JDBC_PASSWORD} - -site_name=site_1 -fp_monitor_interval=30 -failed_counter_threshold=3 -test_trans_interval=20 -write_fpc_interval=5 -max_fpc_update_interval=60 -test_via_jmx=false -jmx_fqdn= - -AAF_NAMESPACE=org.onap.policy -AAF_HOST=aaf-locate.{{.Release.Namespace}} - -ENVIRONMENT=TEST - -#Micro Service Model Properties -policy_msOnapName= -policy_msPolicyName= diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh deleted file mode 100644 index ee427af678..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/bash - -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Script to configure and start the Policy components that are to run in the designated container, -# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the -# script just goes into a long sleep so that the script does not exit (which would cause the -# container to be torn down). - -container=$1 - -case $container in -pap) - comps="base pap paplp console mysql elk" - ;; -pdp) - comps="base pdp pdplp" - ;; -brmsgw) - comps="base brmsgw" - ;; -*) - echo "Usage: do-start.sh pap|pdp|brmsgw" >&2 - exit 1 -esac - - -# skip installation if build.info file is present (restarting an existing container) -if [[ -f /opt/app/policy/etc/build.info ]]; then - echo "Found existing installation, will not reinstall" - . /opt/app/policy/etc/profile.d/env.sh - -else - if [[ -d config ]]; then - cp config/*.conf . - fi - - for comp in $comps; do - echo "Installing component: $comp" - ./docker-install.sh --install $comp - done - for comp in $comps; do - echo "Configuring component: $comp" - ./docker-install.sh --configure $comp - done - - . /opt/app/policy/etc/profile.d/env.sh - - # install keystore - # override the policy keystore and truststore if present - if [[ -f config/policy-keystore ]]; then - cp config/policy-keystore $POLICY_HOME/etc/ssl - fi - - if [[ -f config/policy-truststore ]]; then - cp -f config/policy-truststore $POLICY_HOME/etc/ssl - fi - - if [[ -f config/$container-tweaks.sh ]] ; then - # file may not be executable; running it as an - # argument to bash avoids needing execute perms. - bash config/$container-tweaks.sh - fi - - if [[ $container == pap ]]; then - # wait for DB up - # now that DB is up, invoke database upgrade - # (which does nothing if the db is already up-to-date) - if [[ -v JDBC_USER ]]; then - dbuser=${JDBC_USER}; - else - dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) - fi - - if [[ -v JDBC_PASSWORD ]]; then - dbpw=${JDBC_PASSWORD} - else - dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) - fi - db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}} - fi - -fi - -policy.sh start -sleep 1000d diff --git a/kubernetes/policy/charts/policy-common/templates/NOTES.txt b/kubernetes/policy/charts/policy-common/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/policy-common/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/policy-common/templates/configmap.yaml b/kubernetes/policy/charts/policy-common/templates/configmap.yaml deleted file mode 100644 index 4aed50976c..0000000000 --- a/kubernetes/policy/charts/policy-common/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-pe-scripts-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-common/values.yaml b/kubernetes/policy/charts/policy-common/values.yaml deleted file mode 100644 index 57eacc56f0..0000000000 --- a/kubernetes/policy/charts/policy-common/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: <onap-app> - externalPort: <8080> - #Example internal target port if required - #internalPort: <80> - nodePort: <replace with unused node port suffix eg. 23> - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi diff --git a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt b/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt deleted file mode 100644 index c882c3385e..0000000000 --- a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2018 Ericsson. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml deleted file mode 100644 index f70a3630c3..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/Makefile b/kubernetes/policy/components/Makefile new file mode 100755 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/policy/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index d63683ed62..d63683ed62 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml index 95b3b6deac..86751eae3c 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 767d1452cc..66a42f0171 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -14,10 +14,6 @@ "description":"Pdp Heartbeat", "supportedPolicyTypes": [ { - "name": "onap.policies.controlloop.operational.Apex", - "version": "1.0.0" - }, - { "name": "onap.policies.native.Apex", "version": "1.0.0" }, @@ -32,6 +28,7 @@ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], "useHttps" : true, + "fetchTimeout": 15000, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json index 5df0a26596..d6bd17f65b 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} { "javaProperties" : [ ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"], diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml index 634176ea2c..83261220c9 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml @@ -1,103 +1,103 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/apex-pdp/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/apex-pdp/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/apex-pdp/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt index c882c3385e..c882c3385e 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt +++ b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml index 23fd1b56d0..5e2caa989f 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml @@ -1,6 +1,8 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,12 +18,18 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml index bd7eb8ea40..34932b713d 100644..100755 --- a/kubernetes/policy/charts/pap/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml index adbd5ed986..e28331baca 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 71a7f3d39c..e9895c209b 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -1,5 +1,7 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +17,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -43,10 +46,12 @@ spec: - sh args: - -c - - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: TRUSTSTORE_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD @@ -59,14 +64,15 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" - command: - - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh - - -c - - /home/apexuser/config/OnapPfConfig.json imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -84,7 +90,14 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" +{{- if not .Values.global.aafEnabled }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }} +{{- end }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -93,7 +106,7 @@ spec: - mountPath: /home/apexuser/config name: apexconfig resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -103,6 +116,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 35b2711b04..23788e2532 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -22,6 +22,9 @@ ################################################################# global: nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + envsubstImage: dibi/envsubst + aafEnabled: true persistence: {} ################################################################# @@ -35,16 +38,21 @@ secrets: password: '{{ .Values.restServer.password }}' - uid: truststore-pass type: password - externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}' - password: '{{ .Values.truststore.password }}' - policy: required + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: keystore-pass + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.4.0 +image: onap/policy-apex-pdp:2.4.4 pullPolicy: Always # flag to enable debugging - application support required @@ -57,6 +65,30 @@ restServer: password: zb!XztG34 truststore: password: Pol1cy_0nap +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-apex-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 101 + gid: 102 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -89,8 +121,8 @@ ingress: enabled: false # Resource Limit flavor -By Default using small -flavor: small # Segregation for Different environment (Small and Large) +flavor: small resources: small: limits: diff --git a/kubernetes/policy/charts/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index 021263a1fc..676a647e9a 100644..100755 --- a/kubernetes/policy/charts/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml index f70a3630c3..c9502372be 100644..100755 --- a/kubernetes/policy/charts/policy-api/requirements.yaml +++ b/kubernetes/policy/components/policy-api/requirements.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +20,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index fba7e6ce12..729eea87ff 100644..100755 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} { "name":"ApiGroup", "restServerParameters":{ @@ -29,13 +31,13 @@ "name": "PolicyProviderParameterGroup", "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin", + "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD_BASE64}", + "databasePassword": "${SQL_PASSWORD}", "persistenceUnit": "PolicyMariaDb" }, "preloadPolicyTypes": [ - "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml", + "policytypes/onap.policies.monitoring.tcagen2.yaml", "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml", "policytypes/onap.policies.Optimization.yaml", "policytypes/onap.policies.optimization.Resource.yaml", @@ -53,9 +55,10 @@ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml", "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml", "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml", + "policytypes/onap.policies.controlloop.guard.common.Filter.yaml", "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml", - "policytypes/onap.policies.controlloop.Operational.yaml", "policytypes/onap.policies.Naming.yaml", + "policytypes/onap.policies.Match.yaml", "policytypes/onap.policies.native.Drools.yaml", "policytypes/onap.policies.native.Xacml.yaml", "policytypes/onap.policies.native.Apex.yaml", diff --git a/kubernetes/policy/charts/policy-api/resources/config/logback.xml b/kubernetes/policy/components/policy-api/resources/config/logback.xml index 4b73633f26..7298e4cc14 100644..100755 --- a/kubernetes/policy/charts/policy-api/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-api/resources/config/logback.xml @@ -1,159 +1,159 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/error.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/debug.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/network.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="MetricOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/metric.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncMetricOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="MetricOut" />
- </appender>
-
- <appender name="TransactionOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/audit.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncTransactionOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="TransactionOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"
- additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty" level="ERROR" />
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncMetricOut" />
- <appender-ref ref="AsyncTransactionOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
-</configuration>
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/metric.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/audit.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty" level="ERROR" /> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index e2a3de7756..0c4e870481 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -1,6 +1,8 @@ +{{/* # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,12 +18,18 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index f8da461fb4..021b49dc6d 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -21,25 +21,24 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - {{ include "common.release" . }}-galera-config + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - command: - sh args: - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} @@ -57,13 +56,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - +{{ include "common.certInitializer.initContainer" . | indent 8 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] args: ["/opt/app/policy/api/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -81,13 +91,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/api/etc/mounted name: apiconfig-processed resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -97,6 +108,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-api/templates/secrets.yaml index bd7eb8ea40..34932b713d 100644..100755 --- a/kubernetes/policy/charts/pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-api/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml index fba02c84b9..a1b5585db6 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/service.yaml +++ b/kubernetes/policy/components/policy-api/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 35700d9f9c..6f0a590f47 100644..100755 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -23,6 +23,8 @@ global: nodePortPrefix: 304 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Secrets metaconfig @@ -40,13 +42,49 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-api-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.0 +image: onap/policy-api:2.3.3 pullPolicy: Always # flag to enable debugging - application support required @@ -56,6 +94,10 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 @@ -90,4 +132,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/charts/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml index db04d7cc6d..db04d7cc6d 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/Chart.yaml +++ b/kubernetes/policy/components/policy-distribution/Chart.yaml diff --git a/kubernetes/policy/charts/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml index 95b3b6deac..12ce3e0067 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/requirements.yaml +++ b/kubernetes/policy/components/policy-distribution/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 9b9a7a5a93..ae31633843 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 AT&T Intellectual Property. @@ -16,6 +17,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} { "name":"SDCDistributionGroup", "restServerParameters":{ @@ -54,7 +56,7 @@ "parameters":{ "asdcAddress": "sdc-be:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "${SDCBE_USER}", "password": "${SDCBE_PASSWORD}", diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/logback.xml b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml index 21dd0fca64..8d63217766 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml @@ -1,113 +1,113 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/distribution/error.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/distribution/debug.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/distribution/network.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"
- additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml index 23fd1b56d0..5e2caa989f 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml @@ -1,6 +1,8 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,12 +18,18 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index 8301df1c78..8dd06e8924 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -1,3 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + apiVersion: apps/v1 kind: Deployment metadata: @@ -50,12 +70,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] args: ["/opt/app/policy/distribution/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -73,13 +105,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/distribution/etc/mounted name: distributionconfig resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -89,6 +122,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml index bd7eb8ea40..34932b713d 100644..100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml index 9619d0c834..4b91692749 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/service.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019 AT&T Intellectual Property. @@ -16,6 +17,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 5165b16962..4de0643354 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -45,6 +45,16 @@ secrets: login: '{{ .Values.sdcBe.user }}' password: '{{ .Values.sdcBe.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required ################################################################# # Global configuration defaults. @@ -52,13 +62,15 @@ secrets: global: persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.4.0 +image: onap/policy-distribution:2.4.3 pullPolicy: Always # flag to enable debugging - application support required @@ -78,6 +90,30 @@ papParameters: sdcBe: user: policy password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-distribution-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -108,4 +144,20 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml new file mode 100755 index 0000000000..22567af862 --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Drools Policy Engine (PDP-D) +name: policy-drools-pdp +version: 6.0.0 diff --git a/kubernetes/policy/components/policy-drools-pdp/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml new file mode 100755 index 0000000000..ca24480fc8 --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index c996d13e27..ec8d119fa6 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2018 Amdocs, Bell Canada. # Modifications Copyright (C) 2018-2020 AT&T Intellectual Property. # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # JVM options @@ -30,14 +32,14 @@ TELEMETRY_HOST=0.0.0.0 # nexus repository SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots -SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ +SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases -RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ +RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.global.mariadb.service.name }} +SQL_HOST={{ .Values.db.name }} # AAF @@ -57,6 +59,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP POLICY_PDP_PAP_GROUP=defaultGroup +POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools # Symmetric Key for encoded sensitive data diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf index 44d0bf18ce..761e8afef8 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf @@ -1,3 +1,4 @@ +{{/* # Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada. # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} POOLING_TOPIC=POOLING diff --git a/kubernetes/policy/charts/drools/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml index 49a476cbf6..9cd92da7fa 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/logback.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml @@ -1,162 +1,162 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/metric.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="MetricOut" />
- </appender>
-
- <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/audit.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="TransactionOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="MetricStdOut" />
- </appender>
-
- <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="TransactionStdOut" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncMetricOut" />
- <appender-ref ref="AsyncTransactionOut" />
- <appender-ref ref="AsyncStdOut" />
- <appender-ref ref="AsyncMetricStdOut" />
- <appender-ref ref="AsyncTransactionStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/metric.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricStdOut" /> + </appender> + + <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionStdOut" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + <appender-ref ref="AsyncMetricStdOut" /> + <appender-ref ref="AsyncTransactionStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml index 3777d27044..3777d27044 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index bb2b90c1a7..a2a34056f1 100644..100755 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -15,8 +16,12 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} +{{- if not .Values.global.aafEnabled }} KEYSTORE_PASSWD={{.Values.keystore.password}} +{{- end }} + TRUSTSTORE_PASSWD={{.Values.truststore.password}} TELEMETRY_USER={{.Values.telemetry.user}} diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml index 9a92ad9769..f5661429a1 100644..100755 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml @@ -1,5 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,12 +13,18 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/configmaps/*{.zip,store}" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml index 7fb84b5ddc..f986994210 100644..100755 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/charts/drools/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml index 9f4ad9bed4..b41bf4fdb9 100644..100755 --- a/kubernetes/policy/charts/drools/templates/service.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index dd813b4107..1c9e18cc83 100644..100755 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,5 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet @@ -37,25 +39,45 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-db-readiness +{{- if not .Values.nexus.offline }} + - command: + - /app/ready.py args: - --container-name - - {{ include "common.release" . }}-galera-config - - --container-name - - {{ .Values.global.nexus.nameOverride }} + - {{ .Values.nexus.name }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] ports: - containerPort: {{ .Values.service.externalPort }} - containerPort: {{ .Values.service.externalPort2 }} @@ -75,10 +97,11 @@ spec: - name: REPLICAS value: "{{ .Values.replicaCount }}" - name: SQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -92,22 +115,9 @@ spec: name: drools-config subPath: {{ base $path }} {{- end }} - - mountPath: /var/log/onap - name: policy-logs resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} - - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} @@ -116,16 +126,10 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - name: drools-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 292305fa43..6c865d8369 100644..100755 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,8 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 @@ -40,7 +39,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.7.0 +image: onap/policy-pdpd-cl:1.7.5 pullPolicy: Always # flag to enable debugging - application support required @@ -67,8 +66,8 @@ readiness: service: type: ClusterIP - name: drools - portName: drools + name: policy-drools-pdp + portName: policy-drools-pdp internalPort: 6969 externalPort: 6969 nodePort: 17 @@ -81,6 +80,27 @@ ingress: # Default installation values to be overridden +certInitializer: + nameOverride: policy-drools-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 1000 + gid: 1000 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + server: jvmOpts: -server -XshowSettings:vm @@ -98,12 +118,14 @@ telemetry: password: demo123456! nexus: + name: policy-nexus + port: 8081 user: admin password: admin123 - port: 8081 offline: true db: + name: policy-mariadb user: policy_user password: policy_user @@ -155,8 +177,8 @@ cds: svcPort: 9111 # Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) flavor: small -# Segregation for Different environment (Small and Large) resources: small: limits: diff --git a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index faf8a38748..09103ed352 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,5 +15,5 @@ apiVersion: v1 description: ONAP Policy Nexus -name: nexus +name: policy-nexus version: 6.0.0 diff --git a/kubernetes/clamp/charts/clamp-backend/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml index d3c442d32e..d3c442d32e 100644..100755 --- a/kubernetes/clamp/charts/clamp-backend/requirements.yaml +++ b/kubernetes/policy/components/policy-nexus/requirements.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index 3c2aa0e953..9b76e06be8 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -1,5 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -68,7 +70,11 @@ spec: - mountPath: /sonatype-work name: nexus-data resources: -{{ include "common.resources" . | indent 12 }} +{{- if eq .Values.resources.flavor "large" }} +{{ toYaml .Values.resources.large | indent 12 }} +{{- else }} +{{ toYaml .Values.resources.small | indent 12 }} +{{- end -}} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml b/kubernetes/policy/components/policy-nexus/templates/pv.yaml index 62e66f1602..62e66f1602 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/pv.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml index 1cadcc51d5..1cadcc51d5 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml diff --git a/kubernetes/policy/charts/brmsgw/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml index 7883651a2e..55defa9e92 100644..100755 --- a/kubernetes/policy/charts/brmsgw/templates/service.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index 2024bca973..69be914bd4 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,8 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 persistence: {} @@ -60,8 +59,8 @@ readiness: service: type: ClusterIP - name: nexus - portName: nexus + name: policy-nexus + portName: policy-nexus externalPort: 8081 internalPort: 8081 nodePort: 36 @@ -76,12 +75,12 @@ persistence: accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs - mountSubPath: nexus/data + mountSubPath: policy/nexus/data -# Resource Limit flavor -By Default using small -flavor: small # Segregation for Different environment (Small and Large) +# Resource Limit flavor - By Default using small resources: + flavor: small small: limits: cpu: 1 diff --git a/kubernetes/policy/charts/pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 9133e8685a..6affa3432d 100644..100755 --- a/kubernetes/policy/charts/pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,5 +19,5 @@ apiVersion: v1 description: ONAP Policy Administration (PAP) -name: pap +name: policy-pap version: 6.0.0 diff --git a/kubernetes/policy/charts/pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml index a6c2f0a42a..aa47b48548 100644..100755 --- a/kubernetes/policy/charts/pap/requirements.yaml +++ b/kubernetes/policy/components/policy-pap/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json index aba167708c..0b30a27535 100644..100755 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/components/policy-pap/resources/config/config.json @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} { "name":"PapGroup", "restServerParameters":{ @@ -40,9 +42,9 @@ "name": "PolicyProviderParameterGroup", "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}", + "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", - "databasePassword": "${SQL_PASSWORD_BASE64}", + "databasePassword": "${SQL_PASSWORD}", "persistenceUnit": "PolicyMariaDb" }, "topicParameterGroup": { diff --git a/kubernetes/policy/charts/pap/resources/config/logback.xml b/kubernetes/policy/components/policy-pap/resources/config/logback.xml index 233e6a7dbe..6038e20b84 100644..100755 --- a/kubernetes/policy/charts/pap/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-pap/resources/config/logback.xml @@ -1,103 +1,103 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pap/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pap/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pap/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
-</configuration>
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml index 372bf4dcca..e1a5360ac2 100644..100755 --- a/kubernetes/policy/charts/pap/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml @@ -1,5 +1,7 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019-2020 Nordix Foundation. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,12 +17,18 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index da44bd54f9..4f90d81b3b 100644..100755 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -1,3 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -9,25 +29,24 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - {{ .Values.global.mariadb.service.name }} + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - command: - sh args: - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} @@ -53,12 +72,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -75,13 +106,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted name: papconfig-processed resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -91,6 +123,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml b/kubernetes/policy/components/policy-pap/templates/secrets.yaml index bd7eb8ea40..34932b713d 100644..100755 --- a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-pap/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/pap/templates/service.yaml b/kubernetes/policy/components/policy-pap/templates/service.yaml index 5c4061e831..5bdc74727c 100644..100755 --- a/kubernetes/policy/charts/pap/templates/service.yaml +++ b/kubernetes/policy/components/policy-pap/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019 AT&T Intellectual Property. @@ -17,5 +18,6 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} {{ include "common.service" . }} diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 3eba5564ac..796fcd0a9f 100644..100755 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,6 +25,8 @@ global: nodePortPrefixExt: 304 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Secrets metaconfig @@ -54,13 +56,49 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-pap-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.3.0 +image: onap/policy-pap:2.3.3 pullPolicy: Always # flag to enable debugging - application support required @@ -71,9 +109,14 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 + healthCheckRestClient: api: user: healthcheck @@ -115,4 +158,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index ab79a68745..fda3fde208 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # ============LICENSE_END========================================================= apiVersion: v1 -description: ONAP Policy XACML PDP +description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp version: 6.0.0 diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml new file mode 100755 index 0000000000..c9502372be --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml @@ -0,0 +1,25 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 1598ca4afa..8ad9fcc3c0 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} { "name": "XacmlPdpParameters", "pdpGroup": "defaultGroup", diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml index 61fbe4b2cf..ae0beaade8 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml @@ -1,103 +1,103 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpx/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpx/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpx/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index c7e4ad197e..0d773b50c0 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -1,8 +1,10 @@ +{{/* # # Properties that the embedded PDP engine uses to configure and load # # Standard API Factories # +*/}} xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory @@ -48,6 +50,6 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # JPA Properties # javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver -javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory +javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} +javax.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml index 3ca4f82963..64b7c0a126 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml @@ -1,5 +1,6 @@ +{{/* # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,12 +17,18 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index 3580018eb4..e8473d2125 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -1,3 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + apiVersion: apps/v1 kind: Deployment metadata: @@ -21,24 +41,24 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - - --container-name - - {{ include "common.release" . }}-galera-config + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: - sh args: - -c - - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -60,12 +80,24 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -83,15 +115,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed - emptyDir: - medium: Memory resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -101,6 +132,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml new file mode 100755 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml index 33b990f208..123ae66432 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml @@ -1,5 +1,6 @@ +{{/* # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 36dd5a57cb..24be6c75c4 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -22,6 +22,8 @@ global: persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessImage: onap/oom/readiness:3.0.1 ################################################################# # Secrets metaconfig @@ -45,13 +47,49 @@ secrets: login: '{{ .Values.apiServer.user }}' password: '{{ .Values.apiServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-xacml-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.3.0 +image: onap/policy-xacml-pdp:2.3.3 pullPolicy: Always # flag to enable debugging - application support required @@ -62,9 +100,14 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 + apiServer: user: healthcheck password: zb!XztG34 @@ -98,4 +141,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 01e41d9d0f..53ab55d047 100644..100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,10 +16,35 @@ dependencies: - name: common version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' - name: mariadb-galera version: ~6.x-0 repository: '@local' + - name: policy-nexus + version: ~6.x-0 + repository: 'file://components/policy-nexus' + condition: policy-nexus.enabled + - name: policy-api + version: ~6.x-0 + repository: 'file://components/policy-api' + condition: policy-api.enabled + - name: policy-pap + version: ~6.x-0 + repository: 'file://components/policy-pap' + condition: policy-pap.enabled + - name: policy-xacml-pdp + version: ~6.x-0 + repository: 'file://components/policy-xacml-pdp' + condition: policy-xacml-pdp.enabled + - name: policy-apex-pdp + version: ~6.x-0 + repository: 'file://components/policy-apex-pdp' + condition: policy-apex-pdp.enabled + - name: policy-drools-pdp + version: ~6.x-0 + repository: 'file://components/policy-drools-pdp' + condition: policy-drools-pdp.enabled + - name: policy-distribution + version: ~6.x-0 + repository: 'file://components/policy-distribution' + condition: policy-distribution.enabled diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index ef821a11d4..36f334a8b0 100644..100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -1,5 +1,7 @@ +#!/bin/bash -x +{{/* # Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,9 +14,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -#!/bin/bash -xv mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; + for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" diff --git a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml b/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml deleted file mode 100644 index bcc6b167fc..0000000000 --- a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml +++ /dev/null @@ -1,186 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!-- - Logback files for the ECOMP SDK Application "ecomp_app" - are created in directory ${catalina.base}/logs/ecomp_app; - e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log - --> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="ep_sdk_app" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="generalLogName" value="application" /> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- - These loggers are not used in code (yet). - <property name="securityLogName" value="security" /> - <property name="policyLogName" value="policy" /> - <property name="performanceLogName" value="performance" /> - <property name="serverLogName" value="server" /> - --> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF"> - <file>${logDirectory}/${generalLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" /> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF"> - <queueSize>${queueSize}</queueSize> - <!-- Class name is part of caller data --> - <includeCallerData>true</includeCallerData> - <appender-ref ref="EELF" /> - </appender> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger additivity="false" level="info" name="com.att.eelf.audit"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.metrics"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.error"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger additivity="false" level="debug" name="com.att.eelf.debug"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml b/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml deleted file mode 100644 index 9401e54861..0000000000 --- a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pap-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger additivity="false" level="info" name="com.att.eelf.audit"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.metrics"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.error"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger additivity="false" level="debug" name="com.att.eelf.debug"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/resources/config/pe/console.conf b/kubernetes/policy/resources/config/pe/console.conf deleted file mode 100644 index cb170f0802..0000000000 --- a/kubernetes/policy/resources/config/pe/console.conf +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# configs component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9993 -TOMCAT_SHUTDOWN_PORT=8090 -SSL_HTTP_CONNECTOR_PORT=8443 -SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443 -SSL_AJP_CONNECTOR_PORT=8383 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=2048 -TOMCAT_X_MX_MB=2048 - -# ------------------ console properties --------------------------- - -# -# Authorization Policy - -ROOT_POLICIES=admin -ADMIN_FILE=Policy-Admin.xml - - -# Set your domain here: - -REST_ADMIN_DOMAIN=com - -# -# Location where the GIT repository is located -# -REST_ADMIN_REPOSITORY=repository - -# -# Location where all the user workspaces are located. -# -REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace - -# -# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE -# container and setup authentication as you please. Setting HttpSession attribute values will override these -# values set in the properties files. -# -# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); -# -# The default policy: Policy-Admin.xml is extremely simple. -# -# You can test authorization within the Admin Console by changing the user id. -# There are 3 supported user ids: -# guest - Read only access -# editor - Read/Write access -# admin - Read/Write/Admin access -# -# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. -# -# This is for development/demonstration purposes only. A production environment should provide authentication which is -# outside the scope of this application. This application can be used to develop a XACML policy for user authorization -# within this application. -# - -REST_ADMIN_USER_NAME=Administrator -REST_ADMIN_USER_ID=super-admin - -# -# -# Property to declare the max time frame for logs. -# -LOG_TIMEFRAME=30 - -# Property to declare the number of visible rows for users in MicroService Policy -COLUMN_COUNT=3 - -# Dashboard refresh rate in miliseconds -REFRESH_RATE=40000 - -# -# URL location for the PAP servlet. -# - - -REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/ - -# -# Config/Action Properties location. -# - -REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/ -REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/ -REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/ -REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/ - -# PAP account information -CONSOLE_PAP_HTTP_USER_ID=testpap -CONSOLE_PAP_HTTP_PASSWORD=alpha123 - - -node_type=pap_admin -resource_name=console_1 - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 - -#Automatic Policy Distribution -automatic_push=false - -#Diff of policies for Firewall feature -FW_GETURL= -FW_AUTHOURL= -FW_PROXY= -FW_PORT= - -#SMTP Server Details for Java Mail -onap_smtp_host= -onap_smtp_port=25 -onap_smtp_userName= -onap_smtp_password= -onap_smtp_emailExtension= -onap_application_name= - -#-----------------------ONAP-PORTAL-Properties---------------------- - -ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm -ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi -ONAP_UEB_URL_LIST= -ONAP_PORTAL_INBOX_NAME= -ONAP_UEB_APP_KEY=ueb_key_5 -ONAP_UEB_APP_SECRET=ueb_key_5 -ONAP_UEB_APP_MAILBOX_NAME= -APP_DISPLAY_NAME=ONAP Policy -ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context diff --git a/kubernetes/policy/resources/config/pe/elk.conf b/kubernetes/policy/resources/config/pe/elk.conf deleted file mode 100644 index 2750bff702..0000000000 --- a/kubernetes/policy/resources/config/pe/elk.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# elasticsearch - -ELK_JMX_PORT=9995 diff --git a/kubernetes/policy/resources/config/pe/mysql.conf b/kubernetes/policy/resources/config/pe/mysql.conf deleted file mode 100644 index d4f83d414e..0000000000 --- a/kubernetes/policy/resources/config/pe/mysql.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# mysql scripts component installation configuration parameters - -# Path to mysql bin -MYSQL_BIN=/usr/local/mysql/bin - diff --git a/kubernetes/policy/resources/config/pe/pap.conf b/kubernetes/policy/resources/config/pe/pap.conf deleted file mode 100644 index ee1a492bc2..0000000000 --- a/kubernetes/policy/resources/config/pe/pap.conf +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# pap component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9990 -TOMCAT_SHUTDOWN_PORT=9405 -SSL_HTTP_CONNECTOR_PORT=9091 -SSL_AJP_CONNECTOR_PORT=8380 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pap properties - -PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps -PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/ - -PAP_INITIATE_PDP=true -PAP_HEARTBEAT_INTERVAL=10000 -PAP_HEARTBEAT_TIMEOUT=10000 - -REST_ADMIN_DOMAIN=com -REST_ADMIN_REPOSITORY=repository -REST_ADMIN_WORKSPACE=workspace - -# PDP related properties -PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/ -PAP_PDP_HTTP_USER_ID=testpdp -PAP_PDP_HTTP_PASSWORD=alpha123 - -PAP_HTTP_USER_ID=testpap -PAP_HTTP_PASSWORD=alpha123 - -#new values added 10-21-2015 -PROP_PAP_TRANS_WAIT=500000 -PROP_PAP_TRANS_TIMEOUT=5000 -PROP_PAP_AUDIT_TIMEOUT=300000 -PROP_PAP_RUN_AUDIT_FLAG=true -PROP_PAP_AUDIT_FLAG=true - -PROP_PAP_INCOMINGNOTIFICATION_TRIES=4 - - -node_type=pap -resource_name=pap_1 -dependency_groups=paplp_1 -test_via_jmx=true - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 diff --git a/kubernetes/policy/resources/config/pe/paplp.conf b/kubernetes/policy/resources/config/pe/paplp.conf deleted file mode 100644 index 34186d5652..0000000000 --- a/kubernetes/policy/resources/config/pe/paplp.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM specific parameters -LOGPARSER_JMX_PORT=9996 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/ -LOGPATH=/var/log/onap/policy/pap/pap-rest.log -PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=paplp_1 diff --git a/kubernetes/policy/templates/NOTES.txt b/kubernetes/policy/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml index 8c804c35ed..7809c746bb 100644..100755 --- a/kubernetes/policy/templates/configmap.yaml +++ b/kubernetes/policy/templates/configmap.yaml @@ -1,5 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,35 +13,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-sdk-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: {{ include "common.fullname" . }}-db-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml deleted file mode 100644 index 73493056b7..0000000000 --- a/kubernetes/policy/templates/deployment.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: pe - - mountPath: /config - name: pe-processed - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.release" . }}-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - pap - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: PRELOAD_POLICIES - value: "{{ .Values.config.preloadPolicies }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/pap-tweaks.sh - name: pe-pap - subPath: pap-tweaks.sh - - mountPath: /tmp/policy-install/config/paplp.conf - name: pe-pap - subPath: paplp.conf - - mountPath: /tmp/policy-install/config/pap.conf - name: pe-pap - subPath: pap.conf - - mountPath: /tmp/policy-install/config/mysql.conf - name: pe-pap - subPath: mysql.conf - - mountPath: /tmp/policy-install/config/elk.conf - name: pe-pap - subPath: elk.conf - - mountPath: /tmp/policy-install/config/console.conf - name: pe-pap - subPath: console.conf - - mountPath: /tmp/policy-install/config/base.conf - name: pe-processed - subPath: base.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /tmp/policy-install/logback.xml - name: policy-sdk-logback - subPath: logback.xml - - mountPath: /tmp/logback.xml - name: policy-logback - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - - name: policy-logback - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: policy-sdk-logback - configMap: - name: {{ include "common.fullname" . }}-sdk-log-configmap - - name: pe - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-pap - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index f6a1ace3dc..2c51728772 100644..100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,11 +13,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.release" . }}-galera-config + name: {{ include "common.release" . }}-policy-galera-config namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }}-job @@ -30,10 +33,10 @@ spec: initContainers: #This container checks that all galera instances are up before initializing it. - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py - --container-name - {{ index .Values "mariadb-galera" "service" "name" }} env: @@ -43,7 +46,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - name: {{ include "common.release" . }}-galera-config + - name: {{ include "common.release" . }}-policy-galera-config image: {{ .Values.mariadb_image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: @@ -64,6 +67,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + resources: +{{ include "common.resources" . }} restartPolicy: Never volumes: - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml index c1f98ba3cc..24c3857e6a 100644..100755 --- a/kubernetes/policy/templates/secrets.yaml +++ b/kubernetes/policy/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/policy/templates/service.yaml b/kubernetes/policy/templates/service.yaml deleted file mode 100644 index 9f4ad9bed4..0000000000 --- a/kubernetes/policy/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 4de13eee2d..714f9d928c 100644..100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,23 +17,8 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - envsubstImage: dibi/envsubst - ubuntuImage: ubuntu:16.04 - pdp: - nameOverride: pdp - pap: - nameOverride: pap - drools: - nameOverride: drools - brmwgw: - nameOverride: brmsgw - nexus: - nameOverride: nexus + readinessImage: onap/oom/readiness:3.0.1 + aafEnabled: true mariadb: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. @@ -62,49 +47,44 @@ secrets: password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' passwordPolicy: generate -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -mariadb_image: library/mariadb:10 -pullPolicy: Always - -subChartsOnly: - enabled: true - db: &dbSecretsHook credsExternalSecret: *dbSecretName -pap: - nameOverride: pap +policy-api: + enabled: true db: *dbSecretsHook -pdp: - nameOverride: pdp +policy-pap: + enabled: true db: *dbSecretsHook -drools: - nameOverride: drools +policy-xacml-pdp: + enabled: true db: *dbSecretsHook -brmsgw: - nameOverride: brmsgw +policy-apex-pdp: + enabled: true db: *dbSecretsHook -policy-api: +policy-drools-pdp: + enabled: true db: *dbSecretsHook -policy-xacml-pdp: +policy-distribution: + enabled: true db: *dbSecretsHook +policy-nexus: + enabled: false -nexus: - nameOverride: nexus +################################################################# +# DB configuration defaults. +################################################################# + +repository: nexus3.onap.org:10001 +mariadb_image: library/mariadb:10 +pullPolicy: Always + +subChartsOnly: + enabled: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - preloadPolicies: false - pdpPort: 8081 - # default number of instances replicaCount: 1 @@ -124,26 +104,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -service: - type: NodePort - name: pap - portName: pap - internalPort: 8443 - externalPort: 8443 - nodePort: 19 - internalPort2: 9091 - externalPort2: 9091 - nodePort2: 18 - -ingress: - enabled: false - service: - - baseaddr: "policy.api" - name: "pap" - port: 8443 - config: - ssl: "redirect" - mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals config: @@ -163,21 +123,22 @@ mariadb-galera: lower_case_table_names = 1 # Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) flavor: small -# Segregation for Different environment (Small and Large) resources: small: limits: cpu: 1 memory: 4Gi requests: - cpu: 10m + cpu: 100m memory: 1Gi large: limits: cpu: 2 memory: 8Gi requests: - cpu: 20m + cpu: 200m memory: 2Gi unlimited: {} + diff --git a/kubernetes/pomba/Makefile b/kubernetes/pomba/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/pomba/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-aaictxbuilder/requirements.yaml deleted file mode 100644 index e4c7240290..0000000000 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-kibana/requirements.yaml b/kubernetes/pomba/charts/pomba-kibana/requirements.yaml deleted file mode 100644 index 6a61926e9e..0000000000 --- a/kubernetes/pomba/charts/pomba-kibana/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/requirements.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/requirements.yaml deleted file mode 100644 index e10a513d1a..0000000000 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/requirements.yaml deleted file mode 100644 index e4c7240290..0000000000 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-sdcctxbuilder/requirements.yaml deleted file mode 100644 index 6a61926e9e..0000000000 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml deleted file mode 100644 index e4c7240290..0000000000 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/requirements.yaml b/kubernetes/pomba/charts/pomba-servicedecomposition/requirements.yaml deleted file mode 100644 index 0b858a9edb..0000000000 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright � 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/service.yaml b/kubernetes/pomba/charts/pomba-servicedecomposition/templates/service.yaml deleted file mode 100644 index 8d8e3f3b39..0000000000 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2018 Amdocs -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - #Example internal target port if required - #targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName | default "http" }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/pomba/components/Makefile b/kubernetes/pomba/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/pomba/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/Chart.yaml index 92f1596141..92f1596141 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/Chart.yaml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/Chart.yaml diff --git a/kubernetes/oof/charts/oof-has/requirements.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/requirements.yaml index 685abbcc66..fbe51550f0 100755..100644 --- a/kubernetes/oof/charts/oof-has/requirements.yaml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/requirements.yaml @@ -1,5 +1,4 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' - - name: music + - name: repositoryGenerator version: ~6.x-0 repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/application.properties index e171d173aa..fb27d9ce80 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} spring.jersey.type=filter spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/logback.xml index 0a4b616453..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/logback.xml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/resources/config/logback.xml diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/configmap.yaml index 7c47fea02c..d0e26326ce 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/deployment.yaml index 0728a36061..d657215315 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -83,7 +85,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/service.yaml index 8d8e3f3b39..2ebd6758a0 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/values.yaml b/kubernetes/pomba/components/pomba-aaictxbuilder/values.yaml index c679b508b4..89cfd4d8d9 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/values.yaml +++ b/kubernetes/pomba/components/pomba-aaictxbuilder/values.yaml @@ -17,13 +17,34 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/pomba-aai-context-builder:1.5.1 pullPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-windriver/.helmignore b/kubernetes/pomba/components/pomba-contextaggregator/.helmignore index f0c1319444..f0c1319444 100644..100755 --- a/kubernetes/multicloud/charts/multicloud-windriver/.helmignore +++ b/kubernetes/pomba/components/pomba-contextaggregator/.helmignore diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/Chart.yaml b/kubernetes/pomba/components/pomba-contextaggregator/Chart.yaml index 10dfcd743a..10dfcd743a 100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/Chart.yaml +++ b/kubernetes/pomba/components/pomba-contextaggregator/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-contextaggregator/requirements.yaml b/kubernetes/pomba/components/pomba-contextaggregator/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-contextaggregator/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/application.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/application.properties index 8ffeb09d21..cddeeb3128 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server.port=9529 server.ssl.key-store=/auth/tomcat_keystore server.ssl.key-store-password=onapSecret diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/aai.properties index db72a01a5e..a7dfa1adb8 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/aai.properties +++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/aai.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server.host={{ .Values.config.aaiCtxBuilderHost }} basicauth.username={{ .Values.config.aaiCtxBuilderUsername }} diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/ndcb.properties index f07cb65c31..c8daafc6e8 100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties +++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/ndcb.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server.host={{ .Values.global.networkdiscoveryCtxBuilderHost }} basicauth.username={{ .Values.config.networkdiscoveryCtxBuilderUsername }} diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdc.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdc.properties index 77789f49bd..7cf98b1ddd 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdc.properties +++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdc.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server.host={{ .Values.config.sdcCtxBuilderHost }} basicauth.username={{ .Values.config.sdcCtxBuilderUsername }} basicauth.password={{ .Values.config.sdcCtxBuilderPassword }} diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdnc.properties index b36f0c3175..85c213e966 100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties +++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/builders/sdnc.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server.host={{ .Values.config.sdncCtxBuilderHost }} basicauth.username={{ .Values.config.sdncCtxBuilderUsername }} basicauth.password={{ .Values.config.sdncCtxBuilderPassword }} diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/logback.xml b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/logback.xml index 0a4b616453..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/logback.xml +++ b/kubernetes/pomba/components/pomba-contextaggregator/resources/config/logback.xml diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/templates/configmap.yaml b/kubernetes/pomba/components/pomba-contextaggregator/templates/configmap.yaml index 6225338c76..0af3832c49 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-contextaggregator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/templates/deployment.yaml b/kubernetes/pomba/components/pomba-contextaggregator/templates/deployment.yaml index 226a1c4f65..a8cab88b6a 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-contextaggregator/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - message-router @@ -42,12 +44,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -101,7 +103,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/templates/service.yaml b/kubernetes/pomba/components/pomba-contextaggregator/templates/service.yaml index 8d8e3f3b39..2ebd6758a0 100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-contextaggregator/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml b/kubernetes/pomba/components/pomba-contextaggregator/values.yaml index 1756f7c5d9..6745f00b41 100755 --- a/kubernetes/pomba/charts/pomba-contextaggregator/values.yaml +++ b/kubernetes/pomba/components/pomba-contextaggregator/values.yaml @@ -17,9 +17,6 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 ################################################################# # Application configuration defaults. diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/.helmignore b/kubernetes/pomba/components/pomba-data-router/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/pnda/charts/dcae-pnda-mirror/.helmignore +++ b/kubernetes/pomba/components/pomba-data-router/.helmignore diff --git a/kubernetes/pomba/charts/pomba-data-router/Chart.yaml b/kubernetes/pomba/components/pomba-data-router/Chart.yaml index ce2fbacfa6..ce2fbacfa6 100644 --- a/kubernetes/pomba/charts/pomba-data-router/Chart.yaml +++ b/kubernetes/pomba/components/pomba-data-router/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-data-router/requirements.yaml b/kubernetes/pomba/components/pomba-data-router/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-data-router/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/client-cert-onap.p12 b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/client-cert-onap.p12 Binary files differindex dbf4fcacec..dbf4fcacec 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/client-cert-onap.p12 +++ b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/client-cert-onap.p12 diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/data-router_policy.json b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/data-router_policy.json index 18659a5d4d..18659a5d4d 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/data-router_policy.json +++ b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/data-router_policy.json diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/tomcat_keystore Binary files differindex 9eec841aa2..9eec841aa2 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/config/auth/tomcat_keystore +++ b/kubernetes/pomba/components/pomba-data-router/resources/config/auth/tomcat_keystore diff --git a/kubernetes/pomba/components/pomba-data-router/resources/config/data-router.properties b/kubernetes/pomba/components/pomba-data-router/resources/config/data-router.properties new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/kubernetes/pomba/components/pomba-data-router/resources/config/data-router.properties diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/config/schemaIngest.properties b/kubernetes/pomba/components/pomba-data-router/resources/config/schemaIngest.properties index 946bb63a13..ca9c4e557f 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/config/schemaIngest.properties +++ b/kubernetes/pomba/components/pomba-data-router/resources/config/schemaIngest.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Properties for the SchemaLocationsBean diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/audit-bean.xml b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/audit-bean.xml index 3f22a8b701..3f22a8b701 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/audit-bean.xml +++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/audit-bean.xml diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml index c5c8d615e4..c5c8d615e4 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml +++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/conf/poa-validation-bean.xml diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/audit.route b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/audit.route index db631a84fe..db631a84fe 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/audit.route +++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/audit.route diff --git a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/poaValidation.route b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/poaValidation.route index 655d436c9d..655d436c9d 100644 --- a/kubernetes/pomba/charts/pomba-data-router/resources/dynamic/routes/poaValidation.route +++ b/kubernetes/pomba/components/pomba-data-router/resources/dynamic/routes/poaValidation.route diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/configmap.yaml b/kubernetes/pomba/components/pomba-data-router/templates/configmap.yaml index c726e48ac7..97b9e8389a 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml b/kubernetes/pomba/components/pomba-data-router/templates/deployment.yaml index 5de98159b9..7b080ea6c7 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - pomba-search-data @@ -46,7 +48,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: @@ -64,7 +66,7 @@ spec: fieldPath: metadata.namespace securityContext: privileged: true - image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: init-sysctl volumeMounts: @@ -72,7 +74,7 @@ spec: mountPath: /logroot/ containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: SERVICE_BEANS @@ -130,7 +132,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/log/charts/log-logstash/templates/ingress.yaml b/kubernetes/pomba/components/pomba-data-router/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/log/charts/log-logstash/templates/ingress.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/ingress.yaml diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml b/kubernetes/pomba/components/pomba-data-router/templates/pv.yaml index bab5f83d85..bab5f83d85 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/pv.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/pv.yaml diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml b/kubernetes/pomba/components/pomba-data-router/templates/pvc.yaml index 64d5d3d46a..64d5d3d46a 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/pvc.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/pvc.yaml diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/secret.yaml b/kubernetes/pomba/components/pomba-data-router/templates/secret.yaml index aa7c9388e4..e655997a19 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/secret.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/service.yaml b/kubernetes/pomba/components/pomba-data-router/templates/service.yaml index 8e93602d11..decee40960 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-data-router/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-data-router/values.yaml b/kubernetes/pomba/components/pomba-data-router/values.yaml index f891dce42f..aed767c9e2 100644 --- a/kubernetes/pomba/charts/pomba-data-router/values.yaml +++ b/kubernetes/pomba/components/pomba-data-router/values.yaml @@ -22,17 +22,14 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 # application image -repository: nexus3.onap.org:10001 image: onap/data-router:1.3.3 pullPolicy: Always restartPolicy: Always # BusyBox image -busyboxRepository: registry.hub.docker.com +busyboxRepository: docker.io busyboxImage: library/busybox:latest diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/Chart.yaml b/kubernetes/pomba/components/pomba-elasticsearch/Chart.yaml index 70efb7e2b4..70efb7e2b4 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/Chart.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-elasticsearch/requirements.yaml b/kubernetes/pomba/components/pomba-elasticsearch/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-elasticsearch/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/pomba/components/pomba-elasticsearch/resources/config/elasticsearch.yml index 2ffa686ba5..2ffa686ba5 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml +++ b/kubernetes/pomba/components/pomba-elasticsearch/resources/config/elasticsearch.yml diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/configmap.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/configmap.yaml index 4ccc7cc526..8ca06753fd 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/deployment.yaml index 39303c4a6c..578a5cd723 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -48,7 +50,7 @@ spec: fieldPath: metadata.namespace securityContext: privileged: true - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: init-sysctl volumeMounts: @@ -56,7 +58,7 @@ spec: mountPath: /logroot/ containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-data.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-data.yaml index 18994300db..18994300db 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-data.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-data.yaml diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-logs.yaml index 705ea83984..705ea83984 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pv-logs.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pv-logs.yaml diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-data.yaml index 4004e00f7e..4004e00f7e 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-data.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-data.yaml diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-logs.yaml index f5898c129f..f5898c129f 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/pvc-logs.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/pvc-logs.yaml diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/templates/service.yaml b/kubernetes/pomba/components/pomba-elasticsearch/templates/service.yaml index 17fe1b5141..0a12afb609 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/values.yaml b/kubernetes/pomba/components/pomba-elasticsearch/values.yaml index 8201eff7b1..04b9434e02 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/values.yaml +++ b/kubernetes/pomba/components/pomba-elasticsearch/values.yaml @@ -23,12 +23,7 @@ global: # Application configuration defaults. ################################################################# -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - # application image -loggingRepository: docker.elastic.co image: elasticsearch/elasticsearch:6.6.2 pullPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-kibana/Chart.yaml b/kubernetes/pomba/components/pomba-kibana/Chart.yaml index 111730ce49..111730ce49 100644 --- a/kubernetes/pomba/charts/pomba-kibana/Chart.yaml +++ b/kubernetes/pomba/components/pomba-kibana/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-kibana/requirements.yaml b/kubernetes/pomba/components/pomba-kibana/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-kibana/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.crt.pem index 11125eaef7..11125eaef7 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem +++ b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.crt.pem diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.key.pem index db46f0d462..db46f0d462 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem +++ b/kubernetes/pomba/components/pomba-kibana/resources/auth/pomba.key.pem diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh b/kubernetes/pomba/components/pomba-kibana/resources/bin/kibana_start.sh index 2323fe1280..781a4b7f67 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh +++ b/kubernetes/pomba/components/pomba-kibana/resources/bin/kibana_start.sh @@ -1,6 +1,7 @@ #!/bin/bash +{{/* -# Copyright 2018 Amdocs +# Copyright � 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} mkdir -p /usr/share/kibana/auth chmod 0777 /usr/share/kibana/auth diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/default-mapping.json b/kubernetes/pomba/components/pomba-kibana/resources/config/default-mapping.json index 77afee7a03..77afee7a03 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/config/default-mapping.json +++ b/kubernetes/pomba/components/pomba-kibana/resources/config/default-mapping.json diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/default.json b/kubernetes/pomba/components/pomba-kibana/resources/config/default.json index d54dbfe686..d54dbfe686 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/config/default.json +++ b/kubernetes/pomba/components/pomba-kibana/resources/config/default.json diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml b/kubernetes/pomba/components/pomba-kibana/resources/config/kibana.yml index fdcdd02cc7..fdcdd02cc7 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml +++ b/kubernetes/pomba/components/pomba-kibana/resources/config/kibana.yml diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml b/kubernetes/pomba/components/pomba-kibana/templates/configmap.yaml index 4eb25fedcf..8facf30c14 100644 --- a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-kibana/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml b/kubernetes/pomba/components/pomba-kibana/templates/deployment.yaml index c955c6db07..7258784f09 100644 --- a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-kibana/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - pomba-elasticsearch @@ -42,7 +44,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - args: @@ -55,7 +57,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.configRepository }}/{{ .Values.configImage }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.configImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-config-map volumeMounts: @@ -72,7 +74,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.configRepository }}/{{ .Values.configImage }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.configImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-config volumeMounts: @@ -81,7 +83,7 @@ spec: subPath: default.json containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] args: ["-c", "/opt/app/bin/kibana_start.sh"] diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/ingress.yaml b/kubernetes/pomba/components/pomba-kibana/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/pomba/charts/pomba-data-router/templates/ingress.yaml +++ b/kubernetes/pomba/components/pomba-kibana/templates/ingress.yaml diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/service.yaml b/kubernetes/pomba/components/pomba-kibana/templates/service.yaml index 9a12412e74..decd606f35 100644 --- a/kubernetes/pomba/charts/pomba-kibana/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-kibana/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-kibana/values.yaml b/kubernetes/pomba/components/pomba-kibana/values.yaml index c892f1b85e..deed02fd18 100644 --- a/kubernetes/pomba/charts/pomba-kibana/values.yaml +++ b/kubernetes/pomba/components/pomba-kibana/values.yaml @@ -17,23 +17,15 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 persistence: {} ################################################################# # Application configuration defaults. ################################################################# # Configuration image -configRepository: docker.io configImage: taskrabbit/elasticsearch-dump -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - # application image -loggingRepository: docker.elastic.co image: kibana/kibana:6.6.2 pullPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/Chart.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/Chart.yaml index 9f8d3651b8..9f8d3651b8 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/Chart.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-networkdiscovery/requirements.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-networkdiscovery/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/application.properties index f09dc05980..19f9690f73 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} spring.jersey.type=filter diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 Binary files differindex dbf4fcacec..dbf4fcacec 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 +++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/tomcat_keystore Binary files differindex 9eec841aa2..9eec841aa2 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore +++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/auth/tomcat_keystore diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/logback.xml index 0a4b616453..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/resources/config/logback.xml diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/configmap.yaml index 7c47fea02c..2e1a4387e2 100644 --- a/kubernetes/pomba/charts/pomba-aaictxbuilder/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # - +*/}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/deployment.yaml index 5ca2307f4e..be6c7c423a 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -90,7 +92,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/ingress.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/pomba/charts/pomba-kibana/templates/ingress.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/ingress.yaml diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/secrets.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/secrets.yaml index ef48fbb5e1..6d357c496d 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/secrets.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}} apiVersion: v1
kind: Secret
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/templates/service.yaml index 73b290178c..a846fe3ec0 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}} apiVersion: v1
kind: Service
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/components/pomba-networkdiscovery/values.yaml index ae613c6034..50c837d27d 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscovery/values.yaml @@ -17,13 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/network-discovery:1.5.1 pullPolicy: Always @@ -86,7 +84,7 @@ service: #Services may use any combination of ports depending on the 'type' of #service being defined. type: NodePort - name: pomba-networkdiscovery + name: pomba-networkdiscovery externalPort: 9531 internalPort: 8443 nodePort: 99 @@ -100,7 +98,7 @@ ingress: port: 8443 config: ssl: "redirect" - + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/Chart.yaml index d7cdd91aa3..d7cdd91aa3 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/Chart.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/requirements.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/application.properties index 5317ab353c..6b43aba20e 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} spring.jersey.type=filter spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml index 0a4b616453..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml index 7c47fea02c..d0e26326ce 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml index 8063f25275..32f35b695e 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -82,7 +84,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/service.yaml index 8d8e3f3b39..2ebd6758a0 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/values.yaml index de7d661f5b..3fa4b8b25e 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml +++ b/kubernetes/pomba/components/pomba-networkdiscoveryctxbuilder/values.yaml @@ -17,13 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/pomba-network-discovery-context-builder:1.5.1 pullPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/.helmignore b/kubernetes/pomba/components/pomba-sdcctxbuilder/.helmignore index f0c1319444..f0c1319444 100755..100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/.helmignore +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/.helmignore diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/Chart.yaml index c75c5a2c8f..c75c5a2c8f 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/Chart.yaml +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-sdcctxbuilder/requirements.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/README.txt b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/README.txt index 5cc01497f5..5cc01497f5 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/README.txt +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/README.txt diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/application.properties index 08879c5606..cfa618dad9 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} spring.jersey.type=filter spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/logback.xml index 0a4b616453..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/resources/config/logback.xml +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/resources/config/logback.xml diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/configmap.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/configmap.yaml index bae6641e13..ab79c5c24f 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/deployment.yaml index 02ee5f8ffa..67be143cd9 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -81,7 +83,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/service.yaml index 423df45189..8647447dc1 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/values.yaml b/kubernetes/pomba/components/pomba-sdcctxbuilder/values.yaml index d05ec5b675..b9502d88c9 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/values.yaml +++ b/kubernetes/pomba/components/pomba-sdcctxbuilder/values.yaml @@ -17,17 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 -# readinessRepository: oomk8s -# readinessImage: readiness-check:2.0.0 -# loggingRepository: docker.elastic.co -# loggingImage: beats/filebeat:5.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/pomba-sdc-context-builder:1.5.1 pullPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-data-router/.helmignore b/kubernetes/pomba/components/pomba-sdncctxbuilder/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/pomba/charts/pomba-data-router/.helmignore +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/.helmignore diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/Chart.yaml index edd2385f55..edd2385f55 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-sdncctxbuilder/requirements.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/application.properties index 24b443c57f..f95fa85fc1 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} spring.jersey.type=filter spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/logback.xml index 0a4b616453..0a4b616453 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/resources/config/logback.xml diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/configmap.yaml index 3c8606a835..d0e26326ce 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*/}} + apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/deployment.yaml index 65cf63db2f..0bb855b6ce 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -81,7 +83,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/service.yaml index 8d8e3f3b39..2ebd6758a0 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml b/kubernetes/pomba/components/pomba-sdncctxbuilder/values.yaml index 2b12660123..0c8814c6a3 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml +++ b/kubernetes/pomba/components/pomba-sdncctxbuilder/values.yaml @@ -17,13 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/pomba-sdnc-context-builder:1.5.1 pullPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/.helmignore b/kubernetes/pomba/components/pomba-search-data/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/.helmignore +++ b/kubernetes/pomba/components/pomba-search-data/.helmignore diff --git a/kubernetes/pomba/charts/pomba-search-data/Chart.yaml b/kubernetes/pomba/components/pomba-search-data/Chart.yaml index 5f3bc0ae79..5f3bc0ae79 100644 --- a/kubernetes/pomba/charts/pomba-search-data/Chart.yaml +++ b/kubernetes/pomba/components/pomba-search-data/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-search-data/requirements.yaml b/kubernetes/pomba/components/pomba-search-data/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-search-data/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/analysis-config.json b/kubernetes/pomba/components/pomba-search-data/resources/config/analysis-config.json index 0927d98748..0927d98748 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/analysis-config.json +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/analysis-config.json diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/search_policy.json b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/search_policy.json index 00a6de5f4a..00a6de5f4a 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/search_policy.json +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/search_policy.json diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/tomcat_keystore Binary files differindex 9eec841aa2..9eec841aa2 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/auth/tomcat_keystore +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/auth/tomcat_keystore diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/dynamic-custom-template.json b/kubernetes/pomba/components/pomba-search-data/resources/config/dynamic-custom-template.json index 0bd8686f85..0bd8686f85 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/dynamic-custom-template.json +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/dynamic-custom-template.json diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/elastic-search.properties b/kubernetes/pomba/components/pomba-search-data/resources/config/elastic-search.properties index 3048e6019e..a42eb427bb 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/elastic-search.properties +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/elastic-search.properties @@ -1,4 +1,6 @@ +{{/* # ElasticSearch Configuration +*/}} es.cluster-name=POMBA_ES es.ip-address=pomba-es.{{.Release.Namespace}} diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/es-payload-translation.json b/kubernetes/pomba/components/pomba-search-data/resources/config/es-payload-translation.json index 58ed8f6428..58ed8f6428 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/es-payload-translation.json +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/es-payload-translation.json diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/filter-config.json b/kubernetes/pomba/components/pomba-search-data/resources/config/filter-config.json index 5f9120e889..5f9120e889 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/filter-config.json +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/filter-config.json diff --git a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml b/kubernetes/pomba/components/pomba-search-data/resources/config/log/logback.xml index bfca544fe0..f84d1bbbb0 100644 --- a/kubernetes/pomba/charts/pomba-search-data/resources/config/log/logback.xml +++ b/kubernetes/pomba/components/pomba-search-data/resources/config/log/logback.xml @@ -163,6 +163,7 @@ <root> <appender-ref ref="asyncEELF" /> + <appender-ref ref="STDOUT" /> <!-- <appender-ref ref="asyncEELFDebug" /> --> </root> diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/configmap.yaml b/kubernetes/pomba/components/pomba-search-data/templates/configmap.yaml index 0715f0d51a..0715f0d51a 100644 --- a/kubernetes/pomba/charts/pomba-search-data/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-search-data/templates/configmap.yaml diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/deployment.yaml b/kubernetes/pomba/components/pomba-search-data/templates/deployment.yaml index 6cd404b710..08fc3e9148 100644 --- a/kubernetes/pomba/charts/pomba-search-data/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-search-data/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - pomba-elasticsearch @@ -46,12 +48,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME @@ -119,7 +121,7 @@ spec: # side car containers - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/secret.yaml b/kubernetes/pomba/components/pomba-search-data/templates/secret.yaml index 33b058fc8f..33b058fc8f 100644 --- a/kubernetes/pomba/charts/pomba-search-data/templates/secret.yaml +++ b/kubernetes/pomba/components/pomba-search-data/templates/secret.yaml diff --git a/kubernetes/pomba/charts/pomba-search-data/templates/service.yaml b/kubernetes/pomba/components/pomba-search-data/templates/service.yaml index c786a5a894..c786a5a894 100644 --- a/kubernetes/pomba/charts/pomba-search-data/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-search-data/templates/service.yaml diff --git a/kubernetes/pomba/charts/pomba-search-data/values.yaml b/kubernetes/pomba/components/pomba-search-data/values.yaml index 88f45e35c2..a950750f85 100644 --- a/kubernetes/pomba/charts/pomba-search-data/values.yaml +++ b/kubernetes/pomba/components/pomba-search-data/values.yaml @@ -3,12 +3,9 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 # application image -repository: nexus3.onap.org:10001 image: onap/search-data-service:1.3.1 pullPolicy: Always restartPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/Chart.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/Chart.yaml index d12b3f984d..d12b3f984d 100644 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/Chart.yaml +++ b/kubernetes/pomba/components/pomba-servicedecomposition/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-servicedecomposition/requirements.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-servicedecomposition/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/application.properties index bbf0901449..d03f44a080 100644 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties +++ b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/application.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} spring.jersey.type=filter spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/log/logback.xml b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/log/logback.xml index 3b02684b68..3b02684b68 100644 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/log/logback.xml +++ b/kubernetes/pomba/components/pomba-servicedecomposition/resources/config/log/logback.xml diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/configmap.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/templates/configmap.yaml index 69823169c5..e2cb33c791 100644 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-servicedecomposition/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/deployment.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/templates/deployment.yaml index 74e38f3de5..d30e921e12 100644 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-servicedecomposition/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -78,7 +80,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/components/pomba-servicedecomposition/templates/service.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/templates/service.yaml new file mode 100644 index 0000000000..2ebd6758a0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-servicedecomposition/templates/service.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright © 2018 Amdocs +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + #Example internal target port if required + #targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName | default "http" }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName | default "http" }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/values.yaml b/kubernetes/pomba/components/pomba-servicedecomposition/values.yaml index ac8a379724..a0e849890a 100644 --- a/kubernetes/pomba/charts/pomba-servicedecomposition/values.yaml +++ b/kubernetes/pomba/components/pomba-servicedecomposition/values.yaml @@ -17,13 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/service-decomposition:1.5.1 pullPolicy: Always diff --git a/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml b/kubernetes/pomba/components/pomba-validation-service/Chart.yaml index 525de440a9..525de440a9 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/Chart.yaml +++ b/kubernetes/pomba/components/pomba-validation-service/Chart.yaml diff --git a/kubernetes/pomba/components/pomba-validation-service/requirements.yaml b/kubernetes/pomba/components/pomba-validation-service/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/pomba/components/pomba-validation-service/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/README.txt index 5cc01497f5..5cc01497f5 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/README.txt diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/aai-environment.properties index cd5c62e96b..cd5c62e96b 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/aai-environment.properties diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 Binary files differindex dbf4fcacec..dbf4fcacec 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/tomcat_keystore Binary files differindex 9eec841aa2..9eec841aa2 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth/tomcat_keystore diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth_policy.json index ea5565a71e..ea5565a71e 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/auth_policy.json diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties index d93f030395..d93f030395 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-data-dictionary.properties diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-indexing.properties index 06f4626ab6..06f4626ab6 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/rule-indexing.properties diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/schemaIngest.properties index 41e83bb11d..a711881dc5 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/schemaIngest.properties @@ -1,5 +1,7 @@ +{{/* # Properties for the SchemaLocationsBean # The AAI Schema jar will be unpacked to bundleconfig/etc +*/}} schemaConfig=bundleconfig # Files named aai_oxm_v*.xml are unpacked here: nodeDir=${APP_HOME}/bundleconfig/etc/oxm diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties index 7d335aed50..fe8e2684d5 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START=================================================== # Copyright (c) 2018 Amdocs # ============================================================================ @@ -13,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END===================================================== +*/}} poa-audit-result.name=POA-AUDIT-RESULT poa-audit-result.host=message-router:3904 diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties index 15c60afcc4..2dace57936 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START=================================================== # Copyright (c) 2018 Amdocs # ============================================================================ @@ -13,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END===================================================== +*/}} poa-rule-validation.name=POA-RULE-VALIDATION poa-rule-validation.host=message-router:3904 diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service-auth.properties index 8bbd4233a6..8bbd4233a6 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service-auth.properties diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service.properties index 9b2e86213a..9b2e86213a 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/appconfig/validation-service.properties diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties b/kubernetes/pomba/components/pomba-validation-service/resources/application.properties index a71bb9b01e..99879d4557 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties +++ b/kubernetes/pomba/components/pomba-validation-service/resources/application.properties @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START=================================================== # Copyright (c) 2018 Amdocs # ============================================================================ @@ -16,6 +17,7 @@ # Note that the start.sh script sets the following System Properties # We provide default values here for testing purposes +*/}} APP_HOME=. CONFIG_HOME=appconfig com.att.eelf.logging.path=src/main/resources diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/components/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy index 4a7f30452f..4a7f30452f 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy +++ b/kubernetes/pomba/components/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/configmap.yaml index d3bfd813e6..9a9951ab9f 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/templates/configmap.yaml +++ b/kubernetes/pomba/components/pomba-validation-service/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/deployment.yaml index d608a0ac92..1590f4e001 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/templates/deployment.yaml +++ b/kubernetes/pomba/components/pomba-validation-service/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -32,7 +34,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -87,7 +89,7 @@ spec: # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/secrets.yaml index 323596762d..63d3b10f9a 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/templates/secrets.yaml +++ b/kubernetes/pomba/components/pomba-validation-service/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret diff --git a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/service.yaml b/kubernetes/pomba/components/pomba-validation-service/templates/service.yaml index 423df45189..8647447dc1 100644 --- a/kubernetes/pomba/charts/pomba-sdcctxbuilder/templates/service.yaml +++ b/kubernetes/pomba/components/pomba-validation-service/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/pomba/charts/pomba-validation-service/values.yaml b/kubernetes/pomba/components/pomba-validation-service/values.yaml index d0b964e5e3..0626b0312e 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/values.yaml +++ b/kubernetes/pomba/components/pomba-validation-service/values.yaml @@ -17,18 +17,11 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 -# readinessRepository: oomk8s -# readinessImage: readiness-check:2.0.0 -# loggingRepository: docker.elastic.co -# loggingImage: beats/filebeat:5.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image -#repository: nexus3.onap.org:10001 -repository: nexus3.onap.org:10001 image: onap/validation:1.3.1 #pullPolicy: Always pullPolicy: IfNotPresent diff --git a/kubernetes/pomba/requirements.yaml b/kubernetes/pomba/requirements.yaml index 9bf26c8d61..69d5a458ad 100644 --- a/kubernetes/pomba/requirements.yaml +++ b/kubernetes/pomba/requirements.yaml @@ -19,3 +19,51 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: pomba-aaictxbuilder + version: ~6.x-0 + repository: 'file://components/pomba-aaictxbuilder' + condition: pomba-aaictxbuilder.enabled + - name: pomba-contextaggregator + version: ~6.x-0 + repository: 'file://components/pomba-contextaggregator' + condition: pomba-contextaggregator.enabled + - name: pomba-data-router + version: ~6.x-0 + repository: 'file://components/pomba-data-router' + condition: pomba-data-router.enabled + - name: pomba-elasticsearch + version: ~6.x-0 + repository: 'file://components/pomba-elasticsearch' + condition: pomba-elasticsearch.enabled + - name: pomba-kibana + version: ~6.x-0 + repository: 'file://components/pomba-kibana' + condition: pomba-kibana.enabled + - name: pomba-networkdiscovery + version: ~6.x-0 + repository: 'file://components/pomba-networkdiscovery' + condition: pomba-networkdiscovery.enabled + - name: pomba-networkdiscoveryctxbuilder + version: ~6.x-0 + repository: 'file://components/pomba-networkdiscoveryctxbuilder' + condition: pomba-networkdiscoveryctxbuilder.enabled + - name: pomba-sdcctxbuilder + version: ~6.x-0 + repository: 'file://components/pomba-sdcctxbuilder' + condition: pomba-sdcctxbuilder.enabled + - name: pomba-sdncctxbuilder + version: ~6.x-0 + repository: 'file://components/pomba-sdncctxbuilder' + condition: pomba-sdncctxbuilder.enabled + - name: pomba-search-data + version: ~6.x-0 + repository: 'file://components/pomba-search-data' + condition: pomba-search-data.enabled + - name: pomba-servicedecomposition + version: ~6.x-0 + repository: 'file://components/pomba-servicedecomposition' + condition: pomba-servicedecomposition.enabled + - name: pomba-validation-service + version: ~6.x-0 + repository: 'file://components/pomba-validation-service' + condition: pomba-validation-service.enabled
\ No newline at end of file diff --git a/kubernetes/pomba/templates/configmap.yaml b/kubernetes/pomba/templates/configmap.yaml index 7a8e71ff4b..4d7e4a0c97 100644 --- a/kubernetes/pomba/templates/configmap.yaml +++ b/kubernetes/pomba/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/pomba/values.yaml b/kubernetes/pomba/values.yaml index 04e89f07b3..28025ebc5b 100644 --- a/kubernetes/pomba/values.yaml +++ b/kubernetes/pomba/values.yaml @@ -17,15 +17,9 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - repository: nexus3.onap.org:10001 - dockerhubRepository: docker.io networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder # application configuration config: logstashServiceName: log-ls logstashPort: 5044 - diff --git a/kubernetes/portal/.helmignore b/kubernetes/portal/.helmignore index a2518729f5..7ddbad7ef4 100644 --- a/kubernetes/portal/.helmignore +++ b/kubernetes/portal/.helmignore @@ -1,24 +1,22 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-# docker folder
-docker/
+# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/ diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile index 8af301d7ae..89b2f465ec 100644 --- a/kubernetes/portal/Makefile +++ b/kubernetes/portal/Makefile @@ -18,7 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile index 2fc0cbe4ab..d62cb0b700 100644 --- a/kubernetes/portal/components/Makefile +++ b/kubernetes/portal/components/Makefile @@ -18,7 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/portal/components/portal-app/requirements.yaml b/kubernetes/portal/components/portal-app/requirements.yaml index 00b92235f3..bfcaecb7aa 100644 --- a/kubernetes/portal/components/portal-app/requirements.yaml +++ b/kubernetes/portal/components/portal-app/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties index 148c080df5..004a1172a0 100755 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # domain settings #domain_class_location = diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties new file mode 100644 index 0000000000..791853db8f --- /dev/null +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties @@ -0,0 +1,4 @@ +{{/* +# Encrypted Properties +*/}} +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml index 99fe917de5..e707e259ca 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml @@ -40,6 +40,8 @@ <!-- specify the component name -->
<property name="componentName" value="onapportal"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="Portal"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
@@ -67,7 +69,7 @@ value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="errorLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern"
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
@@ -274,15 +276,15 @@ <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
@@ -292,6 +294,7 @@ <root level="INFO">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties index 6981fb05bc..1fc99383cd 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} music.version = v2 @@ -27,8 +29,7 @@ music.serialize.compress = true #By default it's eventual music.atomic.get = false -music.atomic.put = true +music.atomic.put = false cassandra.host={{.Values.cassandra.service.name}} -zookeeper.host={{.Values.zookeeper.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties index 1760d5bc71..63533621f7 100755 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/openid-connect.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} authentication_server_url = http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/ ecomp_openid_connect_client = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/openid_connect_login diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties index 06726702f0..4da4854188 100755 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Not used by portal portal.api.impl.class = org.onap.portalsdk.core.onboarding.client.OnBoardingApiServiceImpl.not.used.by.portal diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index b5b4e48b97..d246a6b0b1 100755 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2020 AT&T # @@ -12,12 +13,13 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} #mysql db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal -db.userName =root -db.password =Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.hib.dialect = org.hibernate.dialect.MySQLDialect db.min_pool_size = 5 db.max_pool_size = 10 @@ -122,4 +124,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-app/templates/configmap.yaml b/kubernetes/portal/components/portal-app/templates/configmap.yaml index feaee66190..a6d8234ee6 100644 --- a/kubernetes/portal/components/portal-app/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-app/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index d6b9601beb..71b2aa3227 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,10 +38,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - {{ include "common.release" . }}-portal-db-config @@ -49,10 +51,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.xml` + do + cp ${PFILE} /config + chmod 0755 /config/${PFILE} + done + cd /config-input && \ + for PFILE in `ls -1 *.properties` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportal-scrubbed + - mountPath: /config + name: properties-onapportal {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} @@ -103,6 +141,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportal @@ -114,6 +155,8 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" subPath: web.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/temp" - name: var-log-onap mountPath: /var/log/onap resources: @@ -122,12 +165,12 @@ spec: nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} - {{- if .Values.affinity }} +{{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml @@ -143,6 +186,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportal + emptyDir: + medium: Memory + - name: properties-onapportal-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-app/templates/secret.yaml b/kubernetes/portal/components/portal-app/templates/secret.yaml index a4019efa2b..78fc709202 100644 --- a/kubernetes/portal/components/portal-app/templates/secret.yaml +++ b/kubernetes/portal/components/portal-app/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2020 AT&T # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-app/templates/service.yaml b/kubernetes/portal/components/portal-app/templates/service.yaml index dd207ea0e6..523b950f8b 100644 --- a/kubernetes/portal/components/portal-app/templates/service.yaml +++ b/kubernetes/portal/components/portal-app/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 9564723b17..0a818102c6 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -20,22 +20,45 @@ global: env: tomcatDir: "/usr/local/tomcat" nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/portal-app:3.2.3 +image: onap/portal-app:3.4.2 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==! + #AAF local config aafURL: https://aaf-service:8100/authz/ @@ -98,6 +121,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget @@ -105,11 +132,9 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 -zookeeper: - service: - name: portal-zookeeper messageRouter: service: name: message-router diff --git a/kubernetes/portal/components/portal-cassandra/requirements.yaml b/kubernetes/portal/components/portal-cassandra/requirements.yaml index c5d7864b9d..7c92350367 100644 --- a/kubernetes/portal/components/portal-cassandra/requirements.yaml +++ b/kubernetes/portal/components/portal-cassandra/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml b/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml index 4ed457d453..5cd33b43a2 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 5b4bf0c0e7..80197a6094 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,7 +38,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -64,9 +66,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: CASSUSER - value: "{{ .Values.config.cassandraUsername }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}} - name: CASSPASS - value: "{{ .Values.config.cassandraPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}} - name: JVM_OPTS value: "{{ .Values.config.cassandraJvmOpts }}" - name: POD_IP diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-cassandra/templates/service.yaml b/kubernetes/portal/components/portal-cassandra/templates/service.yaml index 3e66ac8574..8f486c2175 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/service.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index 65fcdbe84a..a0488e5cc7 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -22,14 +22,24 @@ global: # global defaults # application image -repository: nexus3.onap.org:10001 image: onap/music/cassandra_music:3.0.0 pullPolicy: Always +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + # application configuration config: cassandraUsername: root cassandraPassword: Aa123456 +# cassandraCredsExternalSecret: some secret cassandraJvmOpts: -Xmx2536m -Xms2536m # default number of instances diff --git a/kubernetes/portal/components/portal-mariadb/requirements.yaml b/kubernetes/portal/components/portal-mariadb/requirements.yaml index c5d7864b9d..7c92350367 100644 --- a/kubernetes/portal/components/portal-mariadb/requirements.yaml +++ b/kubernetes/portal/components/portal-mariadb/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index 28fcee1551..390241fa1d 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -2,21 +2,21 @@ set -eo pipefail shopt -s nullglob -# if command starts with an option, prepend mysqld -if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" -fi - -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done +# logging functions +mysql_log() { + local type="$1"; shift + printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" +} +mysql_note() { + mysql_log Note "$@" +} +mysql_warn() { + mysql_log Warn "$@" >&2 +} +mysql_error() { + mysql_log ERROR "$@" >&2 + exit 1 +} # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -27,8 +27,7 @@ file_env() { local fileVar="${var}_FILE" local def="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 + mysql_error "Both $var and $fileVar are set (but are exclusive)" fi local val="$def" if [ "${!var:-}" ]; then @@ -40,157 +39,328 @@ file_env() { unset "$fileVar" } -_check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) +# check to see if this file is being run or sourced from another script +_is_sourced() { + # https://unix.stackexchange.com/a/215279 + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} + +# usage: docker_process_init_files [file [file [...]]] +# ie: docker_process_init_files /always-initdb.d/* +# process initializer files, based on file extensions +docker_process_init_files() { + # mysql here for backwards compatibility "${mysql[@]}" + mysql=( docker_process_sql ) + + echo + local f + for f; do + case "$f" in + *.sh) + # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 + # https://github.com/docker-library/postgres/pull/452 + if [ -x "$f" ]; then + mysql_note "$0: running $f" + "$f" + else + mysql_note "$0: sourcing $f" + . "$f" + fi + ;; + *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; + *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; + *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; + *) mysql_warn "$0: ignoring $f" ;; + esac + echo + done +} + +mysql_check_config() { + local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - $errors - EOM - exit 1 + mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors" fi } # Fetch value from server config # We use mysqld --verbose --help instead of my_print_defaults because the # latter only show values present in config files, and not server defaults -_get_config() { +mysql_get_config() { local conf="$1"; shift "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ - | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" } -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" +# Do a temporary startup of the MySQL server, for init purposes +docker_temp_server_start() { + "$@" --skip-networking --socket="${SOCKET}" & + mysql_note "Waiting for server startup" + local i + for i in {30..0}; do + # only use the root password if the database has already been initializaed + # so that it won't try to fill in a password file when it hasn't been set yet + extraArgs=() + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + extraArgs+=( '--dont-use-mysql-root-password' ) + fi + if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then + break + fi + sleep 1 + done + if [ "$i" = 0 ]; then + mysql_error "Unable to start server." + fi +} + +# Stop the server. When using a local socket file mysqladmin will block until +# the shutdown is complete. +docker_temp_server_stop() { + if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then + mysql_error "Unable to shut down server." + fi +} + +# Verify that the minimally required password settings are set for new databases. +docker_verify_minimum_env() { + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + fi +} + +# creates folders for the database +# also ensures permission for user mysql of run as root +docker_create_db_directories() { + local user; user="$(id -u)" + + # TODO other directories that are used by default? like /var/lib/mysql-files + # see https://github.com/docker-library/mysql/issues/562 mkdir -p "$DATADIR" - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - exec gosu mysql "$BASH_SOURCE" "$@" -fi -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" + if [ "$user" = "0" ]; then + # this will cause less disk access than `chown -R` + find "$DATADIR" \! -user mysql -exec chown mysql '{}' + + fi +} + +# initializes the database directory +docker_init_database_dir() { + mysql_note "Initializing database files" + installArgs=( --datadir="$DATADIR" --rpm ) + if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then + # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password + # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 + # (this flag doesn't exist in 10.0 and below) + installArgs+=( --auth-root-authentication-method=normal ) + fi + # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) + mysql_install_db "${installArgs[@]}" "${@:2}" + mysql_note "Database files initialized" +} + +# Loads various settings that are used elsewhere in the script +# This should be called after mysql_check_config, but before any other functions +docker_setup_env() { # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi + declare -g DATADIR SOCKET + DATADIR="$(mysql_get_config 'datadir' "$@")" + SOCKET="$(mysql_get_config 'socket' "$@")" - mkdir -p "$DATADIR" + # Initialize values that might be stored in a file + file_env 'MYSQL_ROOT_HOST' '%' + file_env 'MYSQL_DATABASE' + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + file_env 'MYSQL_ROOT_PASSWORD' + file_env 'PORTAL_DB_TABLES' - echo 'Initializing database' - installArgs=( --datadir="$DATADIR" --rpm ) - if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then - # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password - # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 - # (this flag doesn't exist in 10.0 and below) - installArgs+=( --auth-root-authentication-method=normal ) - fi - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db "${installArgs[@]}" "${@:2}" - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {60..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi + declare -g DATABASE_ALREADY_EXISTS + if [ -d "$DATADIR/mysql" ]; then + DATABASE_ALREADY_EXISTS='true' + fi +} - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi +# Execute sql script, passed via stdin +# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args] +# ie: docker_process_sql --database=mydb <<<'INSERT ...' +# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql +docker_process_sql() { + passfileArgs=() + if [ '--dont-use-mysql-root-password' = "$1" ]; then + passfileArgs+=( "$1" ) + shift + fi + # args sent in can override this db, since they will be later in the command + if [ -n "$MYSQL_DATABASE" ]; then + set -- --database="$MYSQL_DATABASE" "$@" + fi - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi + mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@" +} - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi +# Initializes database with timezone info and root password, plus optional extra db/user +docker_setup_db() { + # Load timezone info into database + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + { + # Aria in 10.4+ is slow due to "transactional" (crash safety) + # https://jira.mariadb.org/browse/MDEV-23326 + # https://github.com/docker-library/mariadb/issues/262 + local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type ) + for table in "${tztables[@]}"; do + echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;" + done - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo \ + | sed 's/Local time zone must be set--see zic manual page/FCTY/' + + for table in "${tztables[@]}"; do + echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;" + done + } | docker_process_sql --dont-use-mysql-root-password --database=mysql + # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet + fi + # Generate random root password + if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" + mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + # Sets root password and creates root users for non-localhost hosts + local rootCreate= + # default root to listen for connections from anywhere + if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; EOSQL + fi - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi + # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set + docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; + SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; + -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365 + -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369 + DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ; - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + FLUSH PRIVILEGES ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; + EOSQL - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi + # Creates a custom database and user if specified + if [ -n "$MYSQL_DATABASE" ]; then + mysql_note "Creating database ${MYSQL_DATABASE}" + docker_process_sql --database=mysql <<<"CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" + fi + + if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then + mysql_note "Creating user ${MYSQL_USER}" + docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" + + if [ -n "$MYSQL_DATABASE" ]; then + mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}" + docker_process_sql --database=mysql <<<"GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;" fi - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done + docker_process_sql --database=mysql <<<"FLUSH PRIVILEGES ;" + fi +} - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 +_mysql_passfile() { + # echo the password to the "file" the client uses + # the client command will use process substitution to create a file on the fly + # ie: --defaults-extra-file=<( _mysql_passfile ) + if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then + cat <<-EOF + [client] + password="${MYSQL_ROOT_PASSWORD}" + EOF + fi +} + +# check arguments for an option that would cause mysqld to stop +# return true if there is one +_mysql_want_help() { + local arg + for arg; do + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +_main() { + # if command starts with an option, prepend mysqld + if [ "${1:0:1}" = '-' ]; then + set -- mysqld "$@" + fi + + # skip setup if they aren't running mysqld or want an option that stops mysqld + if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then + mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started." + + mysql_check_config "$@" + # Load various environment variables + docker_setup_env "$@" + docker_create_db_directories + + # If container is started as root user, restart as dedicated mysql user + if [ "$(id -u)" = "0" ]; then + mysql_note "Switching to dedicated user 'mysql'" + exec gosu mysql "$BASH_SOURCE" "$@" fi - echo - echo 'MySQL init process done. Ready for start up.' - echo + # there's no database, so it needs to be initialized + if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + docker_verify_minimum_env + + # check dir permissions to reduce likelihood of half-initialized database + ls /docker-entrypoint-initdb.d/ > /dev/null + + docker_init_database_dir "$@" + + mysql_note "Starting temporary server" + docker_temp_server_start "$@" + mysql_note "Temporary server started." + + docker_setup_db + docker_process_init_files /docker-entrypoint-initdb.d/* + + for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g") + do + echo "Granting portal user ALL PRIVILEGES for table $i" + echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + done + + mysql_note "Stopping temporary server" + docker_temp_server_stop + mysql_note "Temporary server stopped" + + echo + mysql_note "MySQL init process done. Ready for start up." + echo + fi fi -fi + exec "$@" +} -exec "$@"
\ No newline at end of file +# If we are sourced from elsewhere, don't perform any further actions +if ! _is_sourced; then + _main "$@" +fi diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql index 7502e9322a..f9db78ba4d 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -23,7 +23,7 @@ while the OOM K8s version has these service split up. */ -- app_url is the FE, app_rest_endpoint is the BE --portal-sdk => TODO: doesn't open a node port yet -update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; +update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; --dmaap-bc => the dmaap-bc doesn't open a node port.. update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; --sdc-be => 8443:30204 @@ -74,7 +74,10 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS -- aai sparky update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7; - +-- Disabled Policy APP +UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy'; +-- Disabled AAIUI APP +UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'A&AI UI'; /* Replace spaces with underscores for role names to match AAF role names */ diff --git a/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml b/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml index 1602af81f9..eaa0cfb259 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml index bcd223c7e6..7e94c76896 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -34,9 +36,16 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - name: volume-permissions + image: {{ include "repositoryGenerator.image.busybox" . }} + command: ['sh', '-c', 'chmod -R 777 /var/lib/mysql'] + volumeMounts: + - mountPath: /var/lib/mysql + name: mariadb-data containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -62,6 +71,18 @@ spec: secretKeyRef: name: {{ template "common.fullname" . }} key: db-root-password + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: backend-db-user + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }} + key: backend-db-password + - name: PORTAL_DB_TABLES + value: {{ .Values.config.backend_portal_tables }} volumeMounts: - mountPath: /var/lib/mysql name: mariadb-data diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml index 812dc66a23..5a66bb96bd 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -33,10 +35,10 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.name" . }} @@ -48,7 +50,7 @@ spec: fieldPath: metadata.namespace containers: - name: {{ include "common.name" . }}-job - image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -61,7 +63,7 @@ spec: - name: SQL_SRC_DIR value: {{ .Values.config.sqlSourceDirectory }} - name: {{ include "common.name" . }}-oom-update-job - image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}" + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -72,7 +74,9 @@ spec: value: "{{ .Values.service.internalPort }}" - name: DB_PASS valueFrom: - secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password} + secretKeyRef: + name: {{ include "common.fullname" . }} + key: db-root-password command: - /bin/sh - -x diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml index ad1db77298..c0800e0275 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret @@ -26,3 +28,6 @@ metadata: type: Opaque data: db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }} +stringData: + backend-db-user: {{ .Values.config.backendDbUser }} + backend-db-password: {{ .Values.config.backendDbPassword }} diff --git a/kubernetes/portal/components/portal-mariadb/templates/service.yaml b/kubernetes/portal/components/portal-mariadb/templates/service.yaml index aca4b063b8..7b9ef91900 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/service.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml index 08157f7b92..99dda390b4 100644 --- a/kubernetes/portal/components/portal-mariadb/values.yaml +++ b/kubernetes/portal/components/portal-mariadb/values.yaml @@ -19,22 +19,21 @@ global: # global defaults nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - # application image -repository: nexus3.onap.org:10001 -image: onap/portal-db:3.2.3 +image: onap/portal-db:3.4.1 pullPolicy: Always - - -mariadbInitImage: "mariadb-client-init:3.0.0" +mariadbInitImage: oomk8s/mariadb-client-init:3.0.0 # application configuration config: mariadbUser: root mariadbRootPassword: Aa123456 + backendDbUser: portal + backendDbPassword: portal + #backend_portal_tables is a comma delimited string listing back-end tables + #that backendDbUser needs access to, such as to portal and ecomp_sdk tables + backend_portal_tables: portal,ecomp_sdk #The directory where sql files are found in the projects gerrit repo. sqlSourceDirectory: portal/deliveries # sdc frontend assignment for port 9443 diff --git a/kubernetes/portal/components/portal-sdk/requirements.yaml b/kubernetes/portal/components/portal-sdk/requirements.yaml index 00b92235f3..bfcaecb7aa 100644 --- a/kubernetes/portal/components/portal-sdk/requirements.yaml +++ b/kubernetes/portal/components/portal-sdk/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties index 5c24429cdb..895de10a4f 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/fusion.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # login settings login_method_backdoor = backdoor diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties new file mode 100644 index 0000000000..a5160457ec --- /dev/null +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties @@ -0,0 +1,42 @@ +{{/* +### +# ============LICENSE_START========================================== +# ONAP Portal SDK +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# +### +*/}} + +# Properties read by the ECOMP Framework library (epsdk-fw) +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml index 85e1eed648..2c2cd00f1c 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml @@ -41,6 +41,8 @@ <!--<jmxConfigurator /> -->
<!-- specify the component name -->
<property name="componentName" value="onapsdk"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="PortalSDK"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
<!-- The directories where logs are written -->
@@ -60,7 +62,7 @@ <!-- 1610 Logging Fields Format Revisions -->
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
<!-- use %class so library logging calls yield their class name -->
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />
@@ -204,19 +206,20 @@ <logger name="org.onap.eelf" level="info" additivity="false">
<appender-ref ref="asyncEELF" />
</logger>
- <logger name="org.onap.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<logger name="org.onap.eelf.debug" level="debug" additivity="false">
<appender-ref ref="asyncEELFDebug" />
</logger>
- <logger name="org.onap.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<root level="DEBUG">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties index 8881cc2f2d..3e215647e5 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} music.version = v2 @@ -27,9 +29,8 @@ music.serialize.compress = true #By default it's eventual music.atomic.get = false -music.atomic.put = true +music.atomic.put = false cassandra.host={{.Values.cassandra.service.name}} -zookeeper.host={{.Values.zookeeper.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties index 2ccace545a..4bb51c1a8a 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Properties read by ECOMP Framework library, ecompFW.jar diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 2a2ec59d5c..aad5044fbf 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Properties read by ECOMP Core library, ecompSDK-core.jar @@ -40,8 +42,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o== db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk -db.userName = root -db.password = Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.min_pool_size = 5 db.max_pool_size = 10 hb.dialect = org.hibernate.dialect.MySQLDialect @@ -90,4 +92,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml index 5ad9910c56..30d2009c3e 100644 --- a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index ed04d358f8..95247b3dd2 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018,2020 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,10 +38,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - "portal-db" @@ -49,10 +51,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portalsdk-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.xml` + do + cp ${PFILE} /config + chmod 0755 /config/${PFILE} + done + cd /config-input && \ + for PFILE in `ls -1 *.properties` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportalsdk-scrubbed + - mountPath: /config + name: properties-onapportalsdk {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} @@ -100,6 +138,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportalsdk + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportalsdk @@ -120,7 +161,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml @@ -135,6 +176,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportalsdk + emptyDir: + medium: Memory + - name: properties-onapportalsdk-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportalsdk defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-sdk/templates/secrets.yaml b/kubernetes/portal/components/portal-sdk/templates/secrets.yaml index 61fc2f8037..06a17b4009 100644 --- a/kubernetes/portal/components/portal-sdk/templates/secrets.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-sdk/templates/service.yaml b/kubernetes/portal/components/portal-sdk/templates/service.yaml index 36d00ccfe2..f3007a4c46 100644 --- a/kubernetes/portal/components/portal-sdk/templates/service.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 47c0189c40..11ce5a6e42 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -20,23 +20,47 @@ global: env: tomcatDir: "/usr/local/tomcat" nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: {} #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/portal-sdk:3.2.0 +image: onap/portal-sdk:3.4.2 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o== + + #AAF local config aafURL: https://aaf-service:8100/authz/ certInitializer: @@ -92,6 +116,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget @@ -99,11 +127,9 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 -zookeeper: - service: - name: portal-zookeeper messageRouter: service: name: message-router diff --git a/kubernetes/portal/components/portal-widget/requirements.yaml b/kubernetes/portal/components/portal-widget/requirements.yaml index c5d7864b9d..7c92350367 100644 --- a/kubernetes/portal/components/portal-widget/requirements.yaml +++ b/kubernetes/portal/components/portal-widget/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties index a53dd2e283..f5a900e8ce 100644 --- a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties +++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties @@ -7,27 +7,26 @@ microservice.widget.location=/tmp ## App DB Properties
spring.datasource.url=jdbc:mysql://portal-db:3306/portal
-spring.datasource.username=root
-spring.datasource.password=Aa123456
+spring.datasource.username=${PORTAL_DB_USER}
+spring.datasource.password=${PORTAL_DB_PASSWORD}
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
spring.database.driver.classname=org.mariadb.jdbc.Driver
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.format_sql=false
## Basic Authentication Properties
-security.user.name=widget_user
-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)
+security.user.name=${WIDGET_USER}
+security.user.password=${WIDGET_PASSWORD}
initialization.default.widgets=true
initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets
## Account Basic Authentication Properties
-account.user.name=portal
-account.user.password=6APqvG4AU2rfLgCvMdySwQ==
+account.user.name=${ACC_USER}
+account.user.password=${ACC_PASSWORD}
## Certificate Properties
#server.ssl.key-store=classpath:widget-keystore.p12
#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)
#server.ssl.keyStoreType=PKCS12
#server.ssl.keyAlias=widget-microservice
-
diff --git a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml index 087c93f5ce..f3da66f882 100644 --- a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml +++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} jasypt: encryptor: - password: EncryptionKey + password: ${JASYPT_ENC_KEY} diff --git a/kubernetes/portal/components/portal-widget/templates/configmap.yaml b/kubernetes/portal/components/portal-widget/templates/configmap.yaml index 4ac5f6d4ea..58acd42a69 100644 --- a/kubernetes/portal/components/portal-widget/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-widget/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml index 798f7c5f24..246257651a 100644 --- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -36,10 +38,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - "portal-db" @@ -49,9 +51,43 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-widget-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.*` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done + env: + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} + - name: WIDGET_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }} + - name: WIDGET_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }} + - name: ACC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }} + - name: ACC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }} + - name: JASYPT_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapwidgetms-scrubbed + - mountPath: /config + name: properties-onapwidgetms containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /start-wms.sh @@ -94,6 +130,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapwidgetms + emptyDir: + medium: Memory + - name: properties-onapwidgetms-scrubbed configMap: name: {{ include "common.fullname" . }}-onapwidgetms defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-widget/templates/secret.yaml b/kubernetes/portal/components/portal-widget/templates/secret.yaml new file mode 100644 index 0000000000..9a3f011e80 --- /dev/null +++ b/kubernetes/portal/components/portal-widget/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-widget/templates/service.yaml b/kubernetes/portal/components/portal-widget/templates/service.yaml index 58da55fdba..5197841189 100644 --- a/kubernetes/portal/components/portal-widget/templates/service.yaml +++ b/kubernetes/portal/components/portal-widget/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml index 079847c7e7..f86ff85f75 100644 --- a/kubernetes/portal/components/portal-widget/values.yaml +++ b/kubernetes/portal/components/portal-widget/values.yaml @@ -18,18 +18,51 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - ubuntuInit: ubuntu-init:1.0.0 + +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + - uid: portal-widget + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}' + login: '{{ .Values.config.widgetUsername }}' + password: '{{ .Values.config.widgetPassword }}' + passwordPolicy: required + - uid: portal-account + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}' + login: '{{ .Values.config.accountUsername }}' + password: '{{ .Values.config.accountPassword }}' + passwordPolicy: required + - uid: jasypt-enc-key + type: password + externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}' + password: '{{ .Values.config.jasyptEncKey }}' + passwordPolicy: required + +config: + widgetUsername: widget_user + widgetPassword: widget_pass +# widgetCredsExternalSecret: some secret + accountUsername: portal + accountPassword: portal +# accountCredsExternalSecret: some secret + jasyptEncKey: EncryptionKey + # jasyptEncKeyExternalSecret: some secret ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/portal-wms:3.2.3 +image: onap/portal-wms:3.4.2 pullPolicy: Always # flag to enable debugging - application support required @@ -57,6 +90,10 @@ readiness: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal service: type: ClusterIP diff --git a/kubernetes/portal/components/portal-zookeeper/Chart.yaml b/kubernetes/portal/components/portal-zookeeper/Chart.yaml deleted file mode 100644 index 8a81b5763f..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: Zookeeper for ONAP Portal -name: portal-zookeeper -version: 6.0.0 diff --git a/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt b/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt deleted file mode 100644 index ee7a285cc0..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml b/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml deleted file mode 100644 index fbde3c32e1..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/templates/deployment.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/components/portal-zookeeper/templates/service.yaml b/kubernetes/portal/components/portal-zookeeper/templates/service.yaml deleted file mode 100644 index aca4b063b8..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/templates/service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/portal/components/portal-zookeeper/values.yaml b/kubernetes/portal/components/portal-zookeeper/values.yaml deleted file mode 100644 index 6037d246cf..0000000000 --- a/kubernetes/portal/components/portal-zookeeper/values.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for mariadb. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: # global defaults - nodePortPrefix: 302 - persistence: {} - - -# application image -repository: nexus3.onap.org:10001 -image: zookeeper:3.4 -pullPolicy: Always - - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: portal-zookeeper - portName: portal-zk - externalPort: 2181 - internalPort: 2181 - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 100m - memory: 200Mi - requests: - cpu: 1m - memory: 80Mi - large: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 500m - memory: 600Mi - unlimited: {} diff --git a/kubernetes/portal/requirements.yaml b/kubernetes/portal/requirements.yaml index f89bbd6a2b..969a326ba5 100644 --- a/kubernetes/portal/requirements.yaml +++ b/kubernetes/portal/requirements.yaml @@ -32,6 +32,3 @@ dependencies: - name: portal-widget version: ~6.x-0 repository: 'file://components/portal-widget' - - name: portal-zookeeper - version: ~6.x-0 - repository: 'file://components/portal-zookeeper' diff --git a/kubernetes/portal/resources/config/log/filebeat/filebeat.yml b/kubernetes/portal/resources/config/log/filebeat/filebeat.yml index 400b8df6b9..56ed10a50c 100644 --- a/kubernetes/portal/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/portal/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/portal/templates/configmap.yaml b/kubernetes/portal/templates/configmap.yaml index e1a534c695..a474a6c3d3 100644 --- a/kubernetes/portal/templates/configmap.yaml +++ b/kubernetes/portal/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index 1015c86654..0d4b023b12 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -21,14 +21,42 @@ global: portalFEPort: "30225" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: portal-cass + name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + - uid: portal-backend-db + name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + config: logstashServiceName: log-ls logstashPort: 5044 + cassandraUsername: root + cassandraPassword: Aa123456 +# casandraCredsExternalSecret: some secret + portal-mariadb: nameOverride: portal-db mariadb: service: name: portal-db + config: +# backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal + widget: service: name: portal-widget @@ -36,13 +64,23 @@ cassandra: service: name: portal-cassandra config: - cassandraUsername: root - cassandraPassword: Aa123456 -zookeeper: - service: - name: portal-zookeeper + cassandraExternalSecret: *dbSecretName +portal-app: + mariadb: + config: + backendDbExternalSecret: *backendDbSecretName + cassandra: + config: + cassandraExternalSecret: *dbSecretName +portal-sdk: + mariadb: + config: + backendDbExternalSecret: *backendDbSecretName + cassandra: + config: + cassandraExternalSecret: *dbSecretName messageRouter: service: name: message-router ingress: - enabled: false
\ No newline at end of file + enabled: false diff --git a/kubernetes/readiness/.gitignore b/kubernetes/readiness/.gitignore deleted file mode 100644 index 90cb66eacd..0000000000 --- a/kubernetes/readiness/.gitignore +++ /dev/null @@ -1,15 +0,0 @@ -# Eclipse -.classpath -.factorypath -.project -.pydevproject -.settings/ - -# IntelliJ -.idea/* -*.iml - -# Mac OS -*DS_Store* - -/target
\ No newline at end of file diff --git a/kubernetes/readiness/dep-health-init.yaml b/kubernetes/readiness/dep-health-init.yaml deleted file mode 100644 index 5b97852da0..0000000000 --- a/kubernetes/readiness/dep-health-init.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: healthy - version: 1.0.0 - name: healthy -spec: - selector: - matchLabels: - app: healthy - version: 1.0.0 - template: - metadata: - labels: - app: healthy - version: 1.0.0 - name: healthy - spec: - containers: - - args: - - --container-name - - hbase - command: - - /root/ready.py - image: oomk8s/readiness-check:2.0.0 - imagePullPolicy: Always - name: healthy - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace diff --git a/kubernetes/readiness/pom.xml b/kubernetes/readiness/pom.xml deleted file mode 100644 index af834ff4c2..0000000000 --- a/kubernetes/readiness/pom.xml +++ /dev/null @@ -1,109 +0,0 @@ -<!-- - - ============LICENSE_START======================================================= - org.onap.aai - ================================================================================ - Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - ---> -<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> - <parent> - <groupId>org.onap.oparent</groupId> - <artifactId>oparent</artifactId> - <version>2.0.0</version> - </parent> - - <groupId>org.onap.oom.readiness.check</groupId> - <artifactId>readiness-check-docker</artifactId> - <version>2.2.1-SNAPSHOT</version> - <packaging>pom</packaging> - <name>oom-readiness-check-image</name> - <description>Contains dockerfiles and scrtipts for readiness-ckeck image.</description> - - <properties> - <docker.fabric.version>0.31.0</docker.fabric.version> - <oom.docker.namespace>onap</oom.docker.namespace> - </properties> - - <build> - <plugins> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - <version>${docker.fabric.version}</version> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <images> - <image> - <name>${docker.push.registry}/${oom.docker.namespace}/readiness-check:%l</name> - <build> - <filter>@</filter> - <assembly> - <mode>dir</mode> - <inline xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd"> - <fileSets> - <fileSet> - <directory>${project.basedir}/src/main/scripts</directory> - <outputDirectory>/</outputDirectory> - <includes> - <include>**/*</include> - </includes> - </fileSet> - </fileSets> - </inline> - </assembly> - <tags> - <tag>latest</tag> - <tag>latest-${project.version}</tag> - </tags> - <cleanup>try</cleanup> - <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir> - </build> - </image> - </images> - </configuration> - <executions> - <execution> - <id>clean-images</id> - <phase>pre-clean</phase> - <goals> - <goal>remove</goal> - </goals> - <configuration> - <removeAll>true</removeAll> - </configuration> - </execution> - <execution> - <id>generate-images</id> - <phase>package</phase> - <goals> - <goal>build</goal> - </goals> - </execution> - <execution> - <id>push-images</id> - <phase>deploy</phase> - <goals> - <goal>push</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> -</project>
\ No newline at end of file diff --git a/kubernetes/readiness/src/main/docker/Dockerfile b/kubernetes/readiness/src/main/docker/Dockerfile deleted file mode 100644 index 638e8efd67..0000000000 --- a/kubernetes/readiness/src/main/docker/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM python:3-alpine3.9 - -ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST" -# Setup Corporate proxy -ENV https_proxy ${HTTPS_PROXY} -ENV http_proxy ${HTTP_PROXY} - -RUN pip install requests pyyaml kubernetes - -ENV CERT="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" -ENV TOKEN="/var/run/secrets/kubernetes.io/serviceaccount/token" - -COPY maven/ /root/ -RUN chmod -R a+x /root/ - -ENTRYPOINT ["/root/ready.py"] -CMD [""]
\ No newline at end of file diff --git a/kubernetes/readiness/src/main/scripts/job_complete.py b/kubernetes/readiness/src/main/scripts/job_complete.py deleted file mode 100644 index a9570c5951..0000000000 --- a/kubernetes/readiness/src/main/scripts/job_complete.py +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/env python -import getopt -import logging -import os -import sys -import time -import random - -from kubernetes import client - -# extract env variables. -namespace = os.environ['NAMESPACE'] -cert = os.environ['CERT'] -host = os.environ['KUBERNETES_SERVICE_HOST'] -token_path = os.environ['TOKEN'] - -with open(token_path, 'r') as token_file: - token = token_file.read().replace('\n', '') - -# setup logging -log = logging.getLogger(__name__) -handler = logging.StreamHandler(sys.stdout) -formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s') -handler.setFormatter(formatter) -handler.setLevel(logging.INFO) -log.addHandler(handler) -log.setLevel(logging.INFO) - -configuration = client.Configuration() -configuration.host = "https://" + host -configuration.ssl_ca_cert = cert -configuration.api_key['authorization'] = token -configuration.api_key_prefix['authorization'] = 'Bearer' -batchV1Api = client.BatchV1Api(client.ApiClient(configuration)) - - -def is_job_complete(job_name): - complete = False - log.info("Checking if " + job_name + " is complete") - response = "" - try: - response = batchV1Api.read_namespaced_job_status(job_name, namespace) - if response.status.succeeded == 1: - job_status_type = response.status.conditions[0].type - if job_status_type == "Complete": - complete = True - else: - log.info(job_name + " is not complete") - else: - log.info(job_name + " has not succeeded yet") - return complete - except Exception as e: - log.error("Exception when calling read_namespaced_job_status: %s\n" % e) - - -DEF_TIMEOUT = 10 -DESCRIPTION = "Kubernetes container job complete check utility" -USAGE = "Usage: job_complete.py [-t <timeout>] -j <job_name> " \ - "[-j <job_name> ...]\n" \ - "where\n" \ - "<timeout> - wait for container job complete timeout in min, " \ - "default is " + str(DEF_TIMEOUT) + "\n" \ - "<job_name> - name of the job to wait for\n" - - -def main(argv): - # args are a list of job names - job_names = [] - timeout = DEF_TIMEOUT - try: - opts, args = getopt.getopt(argv, "hj:t:", ["job-name=", - "timeout=", - "help"]) - for opt, arg in opts: - if opt in ("-h", "--help"): - print("%s\n\n%s" % (DESCRIPTION, USAGE)) - sys.exit() - elif opt in ("-j", "--job-name"): - job_names.append(arg) - elif opt in ("-t", "--timeout"): - timeout = float(arg) - except (getopt.GetoptError, ValueError) as e: - print("Error parsing input parameters: %s\n" % e) - print(USAGE) - sys.exit(2) - if job_names.__len__() == 0: - print("Missing required input parameter(s)\n") - print(USAGE) - sys.exit(2) - - for job_name in job_names: - timeout = time.time() + timeout * 60 - while True: - complete = is_job_complete(job_name) - if complete is True: - break - elif time.time() > timeout: - log.warning("timed out waiting for '" + job_name + - "' to be completed") - exit(1) - else: - # spread in time potentially parallel execution in multiple - # containers - time.sleep(random.randint(5, 11)) - - -if __name__ == "__main__": - main(sys.argv[1:]) diff --git a/kubernetes/readiness/src/main/scripts/ready.py b/kubernetes/readiness/src/main/scripts/ready.py deleted file mode 100644 index b932b04284..0000000000 --- a/kubernetes/readiness/src/main/scripts/ready.py +++ /dev/null @@ -1,203 +0,0 @@ -#!/usr/bin/env python -import getopt -import logging -import os -import sys -import time -import random - -from kubernetes import client - -# extract env variables. -namespace = os.environ['NAMESPACE'] -cert = os.environ['CERT'] -host = os.environ['KUBERNETES_SERVICE_HOST'] -token_path = os.environ['TOKEN'] - -with open(token_path, 'r') as token_file: - token = token_file.read().replace('\n', '') - -# setup logging -log = logging.getLogger(__name__) -handler = logging.StreamHandler(sys.stdout) -formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s') -handler.setFormatter(formatter) -handler.setLevel(logging.INFO) -log.addHandler(handler) -log.setLevel(logging.INFO) - -configuration = client.Configuration() -configuration.host = "https://" + host -configuration.ssl_ca_cert = cert -configuration.api_key['authorization'] = token -configuration.api_key_prefix['authorization'] = 'Bearer' -coreV1Api = client.CoreV1Api(client.ApiClient(configuration)) -api_instance = client.ExtensionsV1beta1Api(client.ApiClient(configuration)) -api = client.AppsV1beta1Api(client.ApiClient(configuration)) -batchV1Api = client.BatchV1Api(client.ApiClient(configuration)) - - -def is_job_complete(job_name): - complete = False - log.info("Checking if " + job_name + " is complete") - try: - response = batchV1Api.read_namespaced_job_status(job_name, namespace) - if response.status.succeeded == 1: - job_status_type = response.status.conditions[0].type - if job_status_type == "Complete": - complete = True - log.info(job_name + " is complete") - else: - log.info(job_name + " is not complete") - else: - log.info(job_name + " has not succeeded yet") - return complete - except Exception as e: - log.error("Exception when calling read_namespaced_job_status: %s\n" % e) - - -def wait_for_statefulset_complete(statefulset_name): - try: - response = api.read_namespaced_stateful_set(statefulset_name, namespace) - s = response.status - if (s.replicas == response.spec.replicas and - s.ready_replicas == response.spec.replicas and - s.observed_generation == response.metadata.generation): - log.info("Statefulset " + statefulset_name + " is ready") - return True - else: - log.info("Statefulset " + statefulset_name + " is not ready") - return False - except Exception as e: - log.error("Exception when waiting for Statefulset status: %s\n" % e) - - -def wait_for_deployment_complete(deployment_name): - try: - response = api.read_namespaced_deployment(deployment_name, namespace) - s = response.status - if (s.unavailable_replicas is None and - ( s.updated_replicas is None or s.updated_replicas == response.spec.replicas ) and - s.replicas == response.spec.replicas and - s.ready_replicas == response.spec.replicas and - s.observed_generation == response.metadata.generation): - log.info("Deployment " + deployment_name + " is ready") - return True - else: - log.info("Deployment " + deployment_name + " is not ready") - return False - except Exception as e: - log.error("Exception when waiting for deployment status: %s\n" % e) - - -def wait_for_daemonset_complete(daemonset_name): - try: - response = api_instance.read_namespaced_daemon_set(daemonset_name, namespace) - s = response.status - if s.desired_number_scheduled == s.number_ready: - log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is ready") - return True - else: - log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is not ready") - return False - except Exception as e: - log.error("Exception when waiting for DaemonSet status: %s\n" % e) - - -def is_ready(container_name): - ready = False - log.info("Checking if " + container_name + " is ready") - try: - response = coreV1Api.list_namespaced_pod(namespace=namespace, - watch=False) - for i in response.items: - # container_statuses can be None, which is non-iterable. - if i.status.container_statuses is None: - continue - for s in i.status.container_statuses: - if s.name == container_name: - name = read_name(i) - if i.metadata.owner_references[0].kind == "StatefulSet": - ready = wait_for_statefulset_complete(name) - elif i.metadata.owner_references[0].kind == "ReplicaSet": - deployment_name = get_deployment_name(name) - ready = wait_for_deployment_complete(deployment_name) - elif i.metadata.owner_references[0].kind == "Job": - ready = is_job_complete(name) - elif i.metadata.owner_references[0].kind == "DaemonSet": - ready = wait_for_daemonset_complete(i.metadata.owner_references[0].name) - - return ready - - else: - continue - return ready - except Exception as e: - log.error("Exception when calling list_namespaced_pod: %s\n" % e) - - -def read_name(item): - return item.metadata.owner_references[0].name - - -def get_deployment_name(replicaset): - api_response = api_instance.read_namespaced_replica_set_status(replicaset, - namespace) - deployment_name = read_name(api_response) - return deployment_name - - -DEF_TIMEOUT = 10 -DESCRIPTION = "Kubernetes container readiness check utility" -USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> " \ - "[-c <container_name> ...]\n" \ - "where\n" \ - "<timeout> - wait for container readiness timeout in min, " \ - "default is " + str(DEF_TIMEOUT) + "\n" \ - "<container_name> - name of the container to wait for\n" - - -def main(argv): - # args are a list of container names - container_names = [] - timeout = DEF_TIMEOUT - try: - opts, args = getopt.getopt(argv, "hc:t:", ["container-name=", - "timeout=", - "help"]) - for opt, arg in opts: - if opt in ("-h", "--help"): - print("%s\n\n%s" % (DESCRIPTION, USAGE)) - sys.exit() - elif opt in ("-c", "--container-name"): - container_names.append(arg) - elif opt in ("-t", "--timeout"): - timeout = float(arg) - except (getopt.GetoptError, ValueError) as e: - print("Error parsing input parameters: %s\n" % e) - print(USAGE) - sys.exit(2) - if container_names.__len__() == 0: - print("Missing required input parameter(s)\n") - print(USAGE) - sys.exit(2) - - for container_name in container_names: - timeout = time.time() + timeout * 60 - while True: - ready = is_ready(container_name) - if ready is True: - break - elif time.time() > timeout: - log.warning("timed out waiting for '" + container_name + - "' to be ready") - exit(1) - else: - # spread in time potentially parallel execution in multiple - # containers - time.sleep(random.randint(5, 11)) - - -if __name__ == "__main__": - main(sys.argv[1:]) - diff --git a/kubernetes/robot b/kubernetes/robot -Subproject ad58ed92bd7c5cc7d51c09b405a99fd360ff526 +Subproject 37ac984e35503182f7fc1b771cefa16bf0c8420 diff --git a/kubernetes/sdc/.helmignore b/kubernetes/sdc/.helmignore index daebc7da77..7ddbad7ef4 100644 --- a/kubernetes/sdc/.helmignore +++ b/kubernetes/sdc/.helmignore @@ -1,21 +1,22 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +components/ diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile new file mode 100644 index 0000000000..8737bd208e --- /dev/null +++ b/kubernetes/sdc/Makefile @@ -0,0 +1,58 @@ +# Copyright © 2020 Samsung Electronics, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml deleted file mode 100644 index ca6e48d03d..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SDC DCAE Backend client of TOSCALAB and SDC -name: sdc-dcae-be -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml deleted file mode 100644 index 8d1e5cd4ea..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml +++ /dev/null @@ -1,205 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?>
-<!--
-================================================================================
-Copyright (C) 2018 AT&T Intellectual Property
-================================================================================
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-================================================================================
--->
-
-<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="dcae-be"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/dcae-be/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- All log -->
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">
- <file>${logDirectory}/${allLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
- </appender>
- </then>
- </if>
- <!-- Error log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">
- <file>${logDirectory}/${errorLogName}.log</file>
- <!-- Audit messages filter - deny audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- Transaction messages filter - deny Transaction messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Debug log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
- <file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- accept DEBUG and TRACE level -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>
- </evaluator>
- <OnMismatch>DENY</OnMismatch>
- <OnMatch>NEUTRAL</OnMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Audit log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">
- <file>${logDirectory}/${auditLogName}.log</file>
- <!-- Audit messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- SdncTransaction log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">
- <file>${logDirectory}/${transactionLogName}.log</file>
- <!-- Transaction messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Asynchronicity Configurations -->
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
- </appender>
- <root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender-ref ref="ALL_ROLLING" />
- </then>
- </if>
- </root>
- <logger level="INFO" name="org.openecomp.sdc" />
-</configuration>
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt deleted file mode 100644 index 41f9706fec..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml deleted file mode 100644 index 5c6af2085a..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml deleted file mode 100644 index a6196bca38..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ /dev/null @@ -1,187 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - "sdc-be" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-be-config-backend - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /config-input/ - - name: sdc-environments-output - mountPath: /config-output/ - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort2 }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /dcae/conf/composition - port: {{ .Values.service.internalPort2 }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/lib/jetty/logs - - name: {{ include "common.fullname" . }}-logback - mountPath: /tmp/logback.xml - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logback - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml deleted file mode 100644 index 9df959abd4..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-tools - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - backoffLimit: 20 - template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - spec: - restartPolicy: Never - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.name" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }}-job - image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /var/lib/jetty/chef-solo/environments - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumes: - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - restartPolicy: Never diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml deleted file mode 100644 index 71edaf5734..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc-dcae-be", - "version": "v1", - "url": "/dcae", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange": "1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml deleted file mode 100644 index 0dfed6ae14..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.4 -pullPolicy: Always -backendInitImage: onap/dcae-tools:1.3.4 - -# flag to enable debugging - application support required -debugEnabled: false - -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml - cassandraSslEnabled: "false" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 240 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 240 - periodSeconds: 10 - -service: - type: ClusterIP - name: sdc-dcae-be - portName: sdc-dcae-be-8082 - externalPort: 8082 - internalPort: 8082 - portName2: sdc-dcae-be-8444 - externalPort2: 8444 - internalPort2: 8444 - -ingress: - enabled: false - service: - - baseaddr: "sdc.dcae.plugin" - name: "sdc-dcae-be" - port: 8282 - config: - ssl: "none" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml deleted file mode 100644 index ae38135e2e..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP DCAE desiner composition tool for creating customized templates -name: sdc-dcae-dt -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml deleted file mode 100644 index 89fd30159c..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml +++ /dev/null @@ -1,205 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?>
-<!--
-================================================================================
-Copyright (C) 2018 AT&T Intellectual Property
-================================================================================
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-================================================================================
--->
-
-<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="dcae-dt"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/dcae-dt/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- All log -->
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">
- <file>${logDirectory}/${allLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
- </appender>
- </then>
- </if>
- <!-- Error log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">
- <file>${logDirectory}/${errorLogName}.log</file>
- <!-- Audit messages filter - deny audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- Transaction messages filter - deny Transaction messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Debug log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
- <file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- accept DEBUG and TRACE level -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>
- </evaluator>
- <OnMismatch>DENY</OnMismatch>
- <OnMatch>NEUTRAL</OnMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Audit log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">
- <file>${logDirectory}/${auditLogName}.log</file>
- <!-- Audit messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- SdncTransaction log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">
- <file>${logDirectory}/${transactionLogName}.log</file>
- <!-- Transaction messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Asynchronicity Configurations -->
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
- </appender>
- <root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender-ref ref="ALL_ROLLING" />
- </then>
- </if>
- </root>
- <logger level="INFO" name="org.openecomp.sdc" />
-</configuration>
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt deleted file mode 100644 index 0063bb6c80..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml deleted file mode 100644 index 257803fd91..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml deleted file mode 100644 index 8f3e98ce61..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - sdc-dcae-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-dcae-be-tools - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /config-input/ - - name: sdc-environments-output - mountPath: /config-output/ - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /dcae/healthCheckOld - port: {{ .Values.service.internalPort }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/lib/jetty/logs - - name: {{ include "common.fullname" . }}-logback - mountPath: /tmp/logback.xml - subPath: logback.xml - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logback - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml deleted file mode 100644 index 88445c1d56..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc-dcae-dt", - "version": "v1", - "url": "/dcae", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange": "0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml deleted file mode 100644 index 6dbec2bc24..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.3.4 -pullPolicy: IfNotPresent -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - enabled: false - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: sdc-dcae-dt - portName: dcae-dt - nodePort: "66" - internalPort: 9446 - -ingress: - enabled: false - service: - - baseaddr: "dcaedt" - name: "sdc-dcae-dt" - port: 9446 - config: - ssl: "redirect" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml deleted file mode 100644 index 7eb7782cac..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2013 Amdocs, AT&T,Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SDC DCAE UI for service monitoring and MC create and configure -name: sdc-dcae-fe -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml b/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml deleted file mode 100644 index 8dbf347dc7..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml +++ /dev/null @@ -1,204 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?>
-<!--
-================================================================================
-Copyright (C) 2018 AT&T Intellectual Property
-================================================================================
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-================================================================================
--->
-<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="dcae-fe"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/dcae-fe/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- All log -->
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">
- <file>${logDirectory}/${allLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
- </appender>
- </then>
- </if>
- <!-- Error log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">
- <file>${logDirectory}/${errorLogName}.log</file>
- <!-- Audit messages filter - deny audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- Transaction messages filter - deny Transaction messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Debug log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
- <file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>NEUTRAL</onMismatch>
- <onMatch>DENY</onMatch>
- </filter>
- <!-- accept DEBUG and TRACE level -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>
- </evaluator>
- <OnMismatch>DENY</OnMismatch>
- <OnMatch>NEUTRAL</OnMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Audit log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">
- <file>${logDirectory}/${auditLogName}.log</file>
- <!-- Audit messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>AUDIT_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- SdncTransaction log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">
- <file>${logDirectory}/${transactionLogName}.log</file>
- <!-- Transaction messages filter - accept audit messages -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>TRANSACTION_MARKER</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- Asynchronicity Configurations -->
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
- </appender>
- <root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>
- <then>
- <appender-ref ref="ALL_ROLLING" />
- </then>
- </if>
- </root>
- <logger level="INFO" name="org.openecomp.sdc" />
-</configuration>
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt deleted file mode 100644 index 0063bb6c80..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml deleted file mode 100644 index 257803fd91..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml deleted file mode 100644 index a2278b6df8..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ /dev/null @@ -1,186 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - sdc-dcae-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-dcae-be-tools - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /config-input/ - - name: sdc-environments-output - mountPath: /config-output/ - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /dcaed/healthCheck - port: {{ .Values.service.internalPort }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/lib/jetty/logs - - name: {{ include "common.fullname" . }}-logback - mountPath: /tmp/logback.xml - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logback - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml deleted file mode 100644 index e1f541b6b1..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "dcae-gui", - "version": "v1", - "url": "/dcae", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange": "0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml deleted file mode 100644 index eae409a431..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.4 -pullPolicy: Always -config: - javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: NodePort - name: sdc-dcae-fe - portName: dcae-fe - nodePort: "64" - internalPort: 9444 - -ingress: - enabled: false - service: - - baseaddr: "dcaedt" - name: "sdc-dcae-fe" - port: 9444 - config: - ssl: "redirect" -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml deleted file mode 100644 index f851518a4e..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Tosca model for component monitoring and descriptors deployment -name: sdc-dcae-tosca-lab -version: 6.0.0 diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt deleted file mode 100644 index 41f9706fec..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml deleted file mode 100644 index 75b486138b..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - "sdc-dcae-be" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort2 }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: /healthcheck - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: JAVA_OPTIONS - value: {{ .Values.config.javaOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /var/lib/jetty/chef-solo/environments/ - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml deleted file mode 100644 index 04661b9ea1..0000000000 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "dcae-be", - "version": "v1", - "url": "/dcae", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange": "1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml deleted file mode 100644 index f9a3b17e03..0000000000 --- a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ /dev/null @@ -1,28 +0,0 @@ -pluginsList: - - pluginId: DCAED - pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_discovery_url }}" - pluginSourceUrl: "{{ .Values.config.plugins.dcae_source_url }}" - pluginStateUrl: "dcaed" - pluginDisplayOptions: - context: - displayName: "Monitoring" - displayContext: ["SERVICE"] - displayRoles: ["DESIGNER"] - - pluginId: DCAE-DS - pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_dt_discovery_url }}" - pluginSourceUrl: "{{ .Values.config.plugins.dcae_dt_source_url }}" - pluginStateUrl: "dcae-ds" - pluginDisplayOptions: - tab: - displayName: "DCAE-DS" - displayRoles: ["DESIGNER"] - - pluginId: WORKFLOW - pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" - pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" - pluginStateUrl: "workflowDesigner" - pluginDisplayOptions: - tab: - displayName: "WORKFLOW" - displayRoles: ["DESIGNER", "TESTER"] - -connectionTimeout: 1000
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore b/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore deleted file mode 100644 index daebc7da77..0000000000 --- a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml deleted file mode 100644 index cc9f38be6d..0000000000 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.initJob.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-workflow-init - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - backoffLimit: 20 - template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - spec: - restartPolicy: Never - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-cs-config-cassandra - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CS_HOST - value: "{{ .Values.global.cassandra.serviceName }}" - - name: CS_PORT - value: "{{ .Values.config.cassandraClientPort }}" - - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - - name: CS_USER - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} - - name: CS_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -{{ end }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile new file mode 100644 index 0000000000..577fd95b4c --- /dev/null +++ b/kubernetes/sdc/components/Makefile @@ -0,0 +1,56 @@ +# Copyright © 2020 Samsung Electronics, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/portal/components/portal-zookeeper/.helmignore b/kubernetes/sdc/components/sdc-be/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/portal/components/portal-zookeeper/.helmignore +++ b/kubernetes/sdc/components/sdc-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml index 3189bebf01..3189bebf01 100644 --- a/kubernetes/sdc/charts/sdc-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml new file mode 100644 index 0000000000..4bbe175a80 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/requirements.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml index 0f044d7646..0f044d7646 100644 --- a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt index 3a5553b84f..3a5553b84f 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml index ea5009914a..aa632f33f4 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 84f6d0b51d..44439869cc 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -22,10 +24,10 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - "sdc-onboarding-be" @@ -35,13 +37,20 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init @@ -51,34 +60,60 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: @@ -100,7 +135,7 @@ spec: resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: cassandra_ssl_enabled @@ -112,10 +147,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -132,7 +167,7 @@ spec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf @@ -142,13 +177,17 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index a4b44a1a54..b9db3f93c8 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -32,35 +34,51 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - sdc-be + - "-t" + - "35" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.backendInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /home/sdc/chef-solo/environments/ + mountPath: /home/onap/chef-solo/environments/ - name: sdc-logs mountPath: /var/lib/jetty/logs env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: fieldPath: status.podIP + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 200Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/components/sdc-be/templates/service.yaml index a0d0f5b438..fd6a25408d 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index efe9cb0cf0..e9f83b6978 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -18,23 +18,58 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.7 -backendInitImage: onap/sdc-backend-init:1.6.7 +image: onap/sdc-backend-all-plugins:1.7.3 +backendInitImage: onap/sdc-backend-init:1.7.3 + pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +#environment file +env: + name: AUTO + +certInitializer: + nameOverride: sdc-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +################################################################# +# SDC Config part +################################################################# config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" @@ -66,12 +101,13 @@ service: name: sdc-be both_tls_and_plain: true msb: - - port: 8080 + - port: 8443 url: "/sdc/v1" version: "v1" protocol: "REST" visualRange: "1" serviceName: sdc + enable_ssl: true - port: 8080 url: "/sdc/v1" version: "v1" @@ -102,15 +138,15 @@ resources: small: limits: cpu: 1 - memory: 4Gi + memory: 2Gi requests: - cpu: 10m + cpu: 100m memory: 1Gi large: limits: cpu: 2 - memory: 8Gi + memory: 4Gi requests: - cpu: 20m + cpu: 200m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-be/.helmignore b/kubernetes/sdc/components/sdc-cs/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-be/.helmignore +++ b/kubernetes/sdc/components/sdc-cs/.helmignore diff --git a/kubernetes/sdc/charts/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml index 973ca4512e..973ca4512e 100644 --- a/kubernetes/sdc/charts/sdc-cs/Chart.yaml +++ b/kubernetes/sdc/components/sdc-cs/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml new file mode 100644 index 0000000000..a37208c8b7 --- /dev/null +++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt index 3a5553b84f..3a5553b84f 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 4e4aad46fc..bb218bbfae 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -34,10 +36,10 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name {{- if .Values.global.cassandra.localCluster }} @@ -45,15 +47,24 @@ spec: {{- else }} - cassandra {{- end }} + - "-t" + - "15" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cassandraInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments @@ -62,7 +73,7 @@ spec: mountPath: /home/sdc/chef-solo/cache env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: RELEASE value: {{ .Values.config.release }} - name: SDC_USER @@ -78,6 +89,13 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 300Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 927dd98887..efe6dcddea 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -18,18 +18,28 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.7 -cassandraInitImage: onap/sdc-cassandra-init:1.6.7 +image: onap/sdc-cassandra:1.7.3 +cassandraInitImage: onap/sdc-cassandra-init:1.7.3 pullPolicy: Always @@ -38,6 +48,10 @@ config: maxHeapSize: "1536M" heapNewSize: "512M" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 @@ -90,23 +104,3 @@ persistence: ingress: enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-cs/.helmignore b/kubernetes/sdc/components/sdc-fe/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-cs/.helmignore +++ b/kubernetes/sdc/components/sdc-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml index 4794092b6c..4794092b6c 100644 --- a/kubernetes/sdc/charts/sdc-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml new file mode 100644 index 0000000000..4bbe175a80 --- /dev/null +++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml index 1000982b6e..1000982b6e 100644 --- a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml new file mode 100644 index 0000000000..9dc317b2b5 --- /dev/null +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml @@ -0,0 +1,11 @@ +pluginsList: + - pluginId: WORKFLOW + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" + pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" + pluginStateUrl: "workflowDesigner" + pluginDisplayOptions: + tab: + displayName: "WORKFLOW" + displayRoles: ["DESIGNER", "TESTER"] + +connectionTimeout: 1000
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt index 6319bfb6a3..6319bfb6a3 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml index ba24fd705b..2ac85aead6 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index ccfbc7064b..45c7bc85b6 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -34,49 +36,77 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - {{ include "common.release" . }}-sdc-be-config-backend + - "-t" + - "35" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -94,11 +124,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: @@ -108,10 +137,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -131,7 +160,7 @@ spec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf @@ -141,13 +170,17 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index 2133990b60..db8b59c2ce 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -37,7 +39,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.global.security.disableHttp }} + {{ if not .Values.security.disableHttp }} # setting http port only if enabled {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index ff1890ca66..0db5a390c8 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -18,17 +18,37 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.7 +image: onap/sdc-frontend:1.7.3 + pullPolicy: Always config: @@ -41,6 +61,13 @@ config: workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" +#environment file +env: + name: AUTO + +security: + disableHttp: true + # default number of instances replicaCount: 1 @@ -93,16 +120,16 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 500m + memory: 2Gi requests: - cpu: 10m + cpu: 40m memory: 1Gi large: limits: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 4Gi requests: - cpu: 20m + cpu: 80m memory: 2Gi unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-fe/.helmignore b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/sdc/charts/sdc-fe/.helmignore +++ b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml index dadcc730d0..dadcc730d0 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml new file mode 100644 index 0000000000..5b3c7a6575 --- /dev/null +++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml index 515076fe30..515076fe30 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt index edfb08642a..edfb08642a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml index ea5009914a..aa632f33f4 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index db9876fcb4..5c530fea72 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -34,12 +36,12 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init @@ -49,36 +51,54 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- end }} - name: volume-permissions image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /bin/sh - - -c + - sh + args: + - "-c" - | chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert securityContext: @@ -86,9 +106,16 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-cert-storage mountPath: "/onboard/cert" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -109,15 +136,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: SDC_CLUSTER_NAME - value: "SDC-CS-{{ .Values.global.env.name }}" + value: "SDC-CS-{{ .Values.env.name }}" - name: cassandra_ssl_enabled value: {{ .Values.config.cassandraSslEnabled | quote }} - name: HOST_IP @@ -135,10 +161,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -146,18 +172,18 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "{{ .Values.cert.certDir }}" - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "{{ .Values.cert.certDir }}" lifecycle: postStart: exec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf @@ -167,13 +193,17 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 0e5e63b772..c8edb29a28 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -34,29 +36,38 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - {{ include "common.release" . }}-sdc-cs-config-cassandra + - "-t" + - "20" env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi containers: - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments mountPath: /home/sdc/chef-solo/environments/ env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: @@ -72,6 +83,13 @@ spec: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password} - name: CS_HOST_IP value: "{{ .Values.global.cassandra.serviceName }}" + resources: + limits: + cpu: 800m + memory: 1024Mi + requests: + cpu: 200m + memory: 200Mi volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml index bc110c3b0f..bc110c3b0f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml index 006d736b63..006d736b63 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index ad6650aa86..2ee87eeb33 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index bdd99953bd..553ec72260 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -18,18 +18,49 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + persistence: {} + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-onboarding-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.7 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7 +image: onap/sdc-onboard-backend:1.7.3 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3 pullPolicy: Always # flag to enable debugging - application support required @@ -39,6 +70,10 @@ config: javaOptions: "-Xmx1g -Xms1g" cassandraSslEnabled: "false" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 @@ -116,16 +151,16 @@ flavor: small resources: small: limits: - cpu: 1 - memory: 4Gi + cpu: 500m + memory: 2Gi requests: - cpu: 10m + cpu: 40m memory: 1Gi large: limits: - cpu: 2 - memory: 8Gi + cpu: 1 + memory: 4Gi requests: - cpu: 20m + cpu: 80m memory: 2Gi unlimited: {} diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore b/kubernetes/sdc/components/sdc-wfd-be/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore +++ b/kubernetes/sdc/components/sdc-wfd-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml index 7201db2fee..7201db2fee 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml new file mode 100644 index 0000000000..4bbe175a80 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt index a3c79b12a4..a3c79b12a4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl index 298a2cd673..298a2cd673 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 135b1f8207..9defb8e1ce 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -34,13 +36,13 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - {{ include "common.fullname" . }}-workflow-init @@ -50,11 +52,32 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi {{ end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password + export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} + export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-be.internalPort" . }} # disable liveness probe when breakpoints set in debugger @@ -106,28 +129,10 @@ spec: value: "{{ .Values.config.serverSSLEnabled }}" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - - name: SERVER_SSL_KEYSTORE_PATH - value: "{{ .Values.config.serverSSLKeyStorePath }}" - - name: SERVER_SSL_KEY_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" - - name: SERVER_SSL_TRUSTSTORE_PATH - value: "{{ .Values.config.serverSSLTrustStorePath }}" - - name: SERVER_SSL_TRUST_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - volumeMounts: - - name: sdc-cert - mountPath: /keystore - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /truststore - subPath: org.onap.sdc.trust.jks - volumes: - - name: sdc-cert - secret: - secretName: sdc-cert + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + resources: {{ include "common.resources" . | nindent 12 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml new file mode 100644 index 0000000000..f7b0cfa04b --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -0,0 +1,82 @@ +{{/* +# Copyright © 2017 Amdocs, AT&T, Bell Canada +# Modifications Copyright © 2018 ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if .Values.initJob.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-workflow-init + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + spec: + restartPolicy: Never + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-sdc-cs-config-cassandra + - "-t" + - "20" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + containers: + - name: {{ include "common.name" . }}-job + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CS_HOST + value: "{{ .Values.global.cassandra.serviceName }}" + - name: CS_PORT + value: "{{ .Values.config.cassandraClientPort }}" + - name: CS_AUTHENTICATE + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" + - name: CS_USER + valueFrom: + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} + - name: CS_PASSWORD + valueFrom: + secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} + resources: {{ include "common.resources" . | nindent 12 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index d9ea066ab3..2af5e2ba26 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 8bab2c84ea..4aebe7ab9a 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -18,18 +18,48 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.4 -configInitImage: onap/workflow-init:1.6.4 +image: onap/sdc-workflow-backend:1.7.0 +configInitImage: onap/sdc-workflow-init:1.7.0 pullPolicy: Always initJob: @@ -39,22 +69,19 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS sdcEndpoint: sdc-be:8443 sdcExternalUser: workflow - serverSSLEnabled: true - serverSSLKeyStoreType: jks - serverSSLKeyStorePath: /home/sdc/etc/keystore - serverSSLTrustStoreType: jks - serverSSLTrustStorePath: /home/sdc/etc/truststore - cassandraSSLEnabled: false cassandraTrustStorePath: /home/sdc/etc/truststore +# environment file +env: + name: AUTO + # default number of instances replicaCount: 1 @@ -83,7 +110,6 @@ service: externalPort2: 8443 nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property - ingress: enabled: false service: @@ -92,22 +118,23 @@ ingress: port: 8443 config: ssl: "redirect" - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi + +# Resource Limit flavor -By Default using small +# Segregation for Different environment (Small and Large) +flavor: small +resources: + small: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 40m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 80m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/pomba/charts/pomba-search-data/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/pomba/charts/pomba-search-data/.helmignore +++ b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml index d5ef0a4db7..d5ef0a4db7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml new file mode 100644 index 0000000000..4bbe175a80 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt index a3c79b12a4..a3c79b12a4 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl index 546bab7ddf..546bab7ddf 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index 57d849cafe..7a8cf8fb34 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -33,10 +35,10 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - "sdc-wfd-be" @@ -46,12 +48,55 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-move-cert + command: + - /bin/sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }} + cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: sdc-certs + mountPath: /sdc-certs + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }} + export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-fe.internalPort" . }} {{ if .Values.liveness.enabled }} @@ -68,7 +113,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND @@ -76,16 +121,6 @@ spec: - name: IS_HTTPS value: "{{ .Values.config.isHttpsEnabled}}" {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - - name: TRUSTSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" - - name: KEYSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" {{ end }} @@ -93,14 +128,18 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - resources: -{{ include "common.resources" . | indent 12 }} + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + mountPath: /sdc-certs/mycreds.prop + subPath: mycreds.prop + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} + subPath: {{ .Values.certInitializer.keystoreFile }} + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} + subPath: {{ .Values.certInitializer.truststoreFile }} + {{ end }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -111,7 +150,7 @@ spec: {{- end }} # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf @@ -121,13 +160,22 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + emptyDir: + medium: "Memory" + {{- end }} - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index 96e1c0aee4..bc838ac22f 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 ZTE # Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 359c33ab61..ff8aebf6b2 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -18,17 +18,36 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.4 +image: onap/sdc-workflow-frontend:1.7.0 pullPolicy: Always # flag to enable debugging - application support required @@ -41,11 +60,13 @@ config: # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. + +#environment file +env: + name: AUTO + security: isDefaultStore: false - truststoreFilename: "org.onap.sdc.trust.jks" - keystoreFilename: "org.onap.sdc.p12" - storePath: "etc" # default number of instances replicaCount: 1 @@ -89,21 +110,22 @@ ingress: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/rewrite-target: "/workflows/" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +# Resource Limit flavor -By Default using small +# Segregation for Different environment (Small and Large) +flavor: small +resources: + small: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 40m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 80m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 2ce7b9dc24..1b7cd0ebb1 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml @@ -14,15 +14,23 @@ # limitations under the License. dependencies: - - name: common + - name: sdc-be version: ~6.x-0 - repository: '@local' - - - name: cassandra + repository: 'file://components/sdc-be' + - name: sdc-cs version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - condition: global.cassandra.localCluster - + repository: 'file://components/sdc-cs' + - name: sdc-fe + version: ~6.x-0 + repository: 'file://components/sdc-fe' + - name: sdc-onboarding-be + version: ~6.x-0 + repository: 'file://components/sdc-onboarding-be' + - name: sdc-wfd-be + version: ~6.x-0 + repository: 'file://components/sdc-wfd-be' + condition: sdc-wfd.enabled + - name: sdc-wfd-fe + version: ~6.x-0 + repository: 'file://components/sdc-wfd-fe' + condition: sdc-wfd.enabled
\ No newline at end of file diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 Binary files differdeleted file mode 100644 index 446856071b..0000000000 --- a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 +++ /dev/null diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks Binary files differdeleted file mode 100644 index e6686cc08c..0000000000 --- a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks +++ /dev/null diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 2bd165b723..79428f73c6 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -1,6 +1,6 @@ { - "name": "{{ .Values.global.env.name }}", - "description": "OpenSource-{{ .Values.global.env.name }}", + "name": "{{ .Values.env.name }}", + "description": "OpenSource-{{ .Values.env.name }}", "cookbook_versions": { "Deploy-SDandC": "= 1.0.0" }, @@ -12,9 +12,6 @@ "CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", - "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}", - "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}", - "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}", "FE_VIP": "sdc-fe.{{include "common.namespace" .}}", "interfaces": { "application": "eth0", @@ -107,7 +104,8 @@ }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", - "truststore_pwd": "${TRUSTSTORE_PASS}" + "truststore_pwd": "${TRUSTSTORE_PASS}", + "keymanager_pwd": "${KEYMANAGER_PASS}" } } } diff --git a/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml b/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml index 3f75cdff73..59350f0097 100644 --- a/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/sdc/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/sdc/templates/configmap.yaml b/kubernetes/sdc/templates/configmap.yaml index 5231e5f198..fbb0b4216c 100644 --- a/kubernetes/sdc/templates/configmap.yaml +++ b/kubernetes/sdc/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index 6187104ce6..af6378d88b 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Secret @@ -36,17 +38,3 @@ data: keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" ---- -apiVersion: v1 -kind: Secret -metadata: - name: sdc-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 2694b5de80..fef7dab310 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -15,8 +15,6 @@ global: persistence: {} - env: - name: AUTO secrets: sdc_user: YXNkY191c2Vy sdc_password: QWExMjM0JV4h @@ -26,10 +24,7 @@ global: truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== - ubuntuInitRepository: oomk8s - ubuntuInitImage: ubuntu-init:1.0.0 - busyboxRepository: registry.hub.docker.com - busyboxImage: library/busybox:latest + aafEnabled: true cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled @@ -43,13 +38,17 @@ global: dataCenter: Pod security: disableHttp: true - envsubstImage: dibi/envsubst + +# Environment file +env: + name: AUTO + config: logstashServiceName: log-ls logstashPort: 5044 environment: workflowUrl: 10.0.2.15 - vnfRepoPort: 8702 + vnfRepoPort: 8703 #Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster cassandra: @@ -60,3 +59,7 @@ cassandra: persistence: mountSubPath: sdc/sdc-cs/CS enabled: true + +# dependency / sub-chart configuration +sdc-wfd: + enabled: true diff --git a/kubernetes/sdnc/.helmignore b/kubernetes/sdnc/.helmignore index f0c1319444..7ddbad7ef4 100644 --- a/kubernetes/sdnc/.helmignore +++ b/kubernetes/sdnc/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index e4b5dda95d..32b3b728d7 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -19,7 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,15 +35,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/requirements.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/requirements.yaml deleted file mode 100644 index 6a61926e9e..0000000000 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml b/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml deleted file mode 100644 index 15dd2dde29..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: SDN-C Admin Portal -name: sdnc-portal -version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml b/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml deleted file mode 100644 index 6a61926e9e..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json deleted file mode 100644 index e845e96b7f..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "MainMenu": "gamma", - "dbConnLimit": "100", - "home": "/opt/admportal", - "sslEnabled": "true", - "nonSslPort": "8543", - "ConexusNetworkPort": "{{.Values.service.internalPort}}", - "AppNetworkPort": "8543", - "clusterPort": "8443", - "serviceHomingServiceType": "SDN-ETHERNET-INTERNET", - "passwordKey": "QtfJMKggVk", - "preloadImportDirectory": "C:/data/csv", - "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-", - "clusterMidURL": "-shard-", - "clusterSuffixURL": "-config,type=DistributedConfigDatastore", - "shards": [ - "default", - "inventory", - "topology" - ], - "dbFabric": "false", - "ip-addresses": { - "lo": "127.0.0.1", - "eth0": "127.0.0.1", - "docker0": "172.17.0.1", - "virbr0": "192.168.122.1" - }, - "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01", - "databases": [ - "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}" - ], - "dbFabricServer": "localhost", - "dbFabricPort": "32275", - "dbFabricGroupId": "hagroup1", - "dbFabricUser": "${DB_FABRIC_USER}", - "dbFabricPassword": "${DB_FABRIC_PASSWORD", - "dbFabricDB": "{{.Values.config.dbFabricDB}}", - "dbUser": "${SDNC_DB_USER}", - "dbPassword": "${SDNC_DB_PASSWORD}", - "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}", - "odlProtocol": "http", - "odlHost": "sdnc.{{.Release.Namespace}}", - "odlConexusHost": "sdnc.{{.Release.Namespace}}", - "odlPort": "8181", - "odlConexusPort": "8181", - "odlUser": "${ODL_USER}", - "odlPasswd": "${ODL_PASSWORD}", - "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12", - "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}", - "AppNetwork_sslCert": "", - "AppNetwork_sslKey": "", - "hostnameList": [ - { - "hname": "localhost" - } - ], - "shard_list": [ - { - "shard_name": "default" - }, - { - "shard_name": "inventory" - }, - { - "shard_name": "topology" - } - ] -} diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties deleted file mode 100644 index beb514e583..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties +++ /dev/null @@ -1,31 +0,0 @@ -### -# ============LICENSE_START======================================================= -# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### -org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} -org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} -org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 -org.onap.ccsdk.sli.jdbc.connection.timeout=50 -org.onap.ccsdk.sli.jdbc.request.timeout=100 -org.onap.ccsdk.sli.jdbc.limit.init=10 -org.onap.ccsdk.sli.jdbc.limit.min=10 -org.onap.ccsdk.sli.jdbc.limit.max=20 -org.onap.dblib.connection.recovery=false diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties deleted file mode 100644 index a2570cd8a1..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties +++ /dev/null @@ -1,5 +0,0 @@ -org.openecomp.sdnctl.sli.dbtype = jdbc -org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER} -org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 deleted file mode 100644 index 267bc2085a..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 +++ /dev/null @@ -1,5 +0,0 @@ -org.openecomp.sdnctl.sli.dbtype = jdbc -org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER} -org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml deleted file mode 100644 index b0e85efdfd..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +++ /dev/null @@ -1,152 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: SDNC_DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: DB_FABRIC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }} - - name: DB_FABRIC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }} - - name: ODL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - - name: ODL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: config-input - - mountPath: /config - name: properties - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.mariadbService" . }} - - --container-name - - {{ .Values.config.sdncChartName }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"] - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }} - - name: SDNC_CONFIG_DIR - value: "{{ .Values.config.configDir }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: {{ .Values.config.configDir }}/admportal.json - name: properties - subPath: admportal.json - - mountPath: {{ .Values.config.configDir }}/dblib.properties - name: properties - subPath: dblib.properties - - mountPath: {{ .Values.config.configDir }}/svclogic.properties - name: properties - subPath: svclogic.properties - - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01 - name: properties - subPath: svclogic.properties - - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02 - name: properties - subPath: svclogic.properties.sdnctldb02 - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: config-input - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0644 - - name: properties - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml deleted file mode 100644 index 815035292b..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdnc-portal", - "version": "v1", - "url": "/", - "protocol": "UI", - "port": "{{ .Values.service.externalPort }}", - "visualRange":"0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml deleted file mode 100644 index f2ce269505..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # envsusbt - envsubstImage: dibi/envsubst - - mariadbGalera: - #This flag allows SO to instantiate its own mariadb-galera cluster - #If shared instance is used, this chart assumes that DB already exists - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-password - type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' - password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' - passwordPolicy: required - - uid: db-secret - name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret' - type: basicAuth - # This is a nasty trick that allows you override this secret using external one - # with the same field that is used to pass this to subchart - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' - passwordPolicy: required - - uid: odl-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' - login: '{{ .Values.config.odlUser }}' - password: '{{ .Values.config.odlPassword }}' - passwordPolicy: required - - uid: fabric-db-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' - login: '{{ .Values.config.dbFabricUser }}' - password: '{{ .Values.config.dbFabricPassword }}' - passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}' - password: '{{ .Values.config.keystorePwd }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.4 -config: - dbFabricDB: mysql - dbFabricUser: admin - dbFabricPassword: admin - # dbFabricDBCredsExternalSecret: some secret - sdncChartName: sdnc - configDir: /opt/onap/sdnc/data/properties - storesDir: /opt/onap/sdnc/data/stores - odlUser: admin - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - # odlCredsExternalSecret: some secret - keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N - # keystorePwdExternalSecret: some secret - -mariadb-galera: - config: - userCredentialsExternalSecret: *dbSecretName - userName: sdnctl - userPassword: gamma - mysqlDatabase: sdnctl - nameOverride: sdnc-portal-galera - service: - name: sdnc-portal-galera - portName: sdnc-portal-galera - internalPort: 3306 - replicaCount: 1 - persistence: - enabled: true - mountSubPath: sdnc-portal/maria/data - -# default number of instances -replicaCount: 0 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 180 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - -service: - type: NodePort - name: sdnc-portal - portName: sdnc-portal - internalPort: 8443 - externalPort: 8443 - nodePort: "01" - -ingress: - enabled: false - service: - - baseaddr: "sdnc-portal.api" - name: "sdnc-portal" - port: 8443 - config: - ssl: "redirect" - -#Resource limit flavor -By default using small -flavor: small -#segregation for different environment (small and large) - -resources: - small: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 0.5 - memory: 500Mi - large: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - unlimited: {} diff --git a/kubernetes/sdnc/charts/ueb-listener/requirements.yaml b/kubernetes/sdnc/charts/ueb-listener/requirements.yaml deleted file mode 100644 index f99477141f..0000000000 --- a/kubernetes/sdnc/charts/ueb-listener/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile index 4e737638a6..313cca8c27 100644 --- a/kubernetes/sdnc/components/Makefile +++ b/kubernetes/sdnc/components/Makefile @@ -19,7 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,15 +35,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi +else + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi +endif + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/sdnc/charts/dmaap-listener/Chart.yaml b/kubernetes/sdnc/components/dmaap-listener/Chart.yaml index 1ff1b22a11..1ff1b22a11 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/Chart.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/Chart.yaml diff --git a/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml index f99477141f..f99477141f 100644 --- a/kubernetes/pomba/charts/pomba-validation-service/requirements.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties index 6a4ca4ca16..6a4ca4ca16 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties index beb514e583..846abc2381 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties index d2b55fb131..d2b55fb131 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties index 6d5afef190..6d5afef190 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties new file mode 100644 index 0000000000..f114a9c65b --- /dev/null +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=RAN-Slice-Mgmt +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties index fcb56e08c3..fcb56e08c3 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties index a03871d428..a03871d428 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties index 15f32c4248..15f32c4248 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml index c41c3ef0d6..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index adf2136e33..e3dfa869ee 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -16,24 +16,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -60,7 +51,7 @@ spec: name: {{ include "common.name" . }}-update-config - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.mariadbService" . }} @@ -74,7 +65,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: @@ -113,6 +104,9 @@ spec: - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties name: properties subPath: dmaap-consumer-oofpcipoc.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties + name: properties + subPath: dmaap-consumer-RANSlice.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml index 728ba05046..728ba05046 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 9fe8232532..0f3f18b6b2 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -17,8 +17,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 # envsusbt @@ -56,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.4 +image: onap/sdnc-dmaap-listener-image:2.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore b/kubernetes/sdnc/components/sdnc-ansible-server/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore +++ b/kubernetes/sdnc/components/sdnc-ansible-server/.helmignore diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/Chart.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml index a8408165bf..a8408165bf 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/Chart.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/requirements.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml index 6a61926e9e..6a61926e9e 100755..100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config b/kubernetes/sdnc/components/sdnc-ansible-server/resources/config/RestServer_config index 7dc5c19e12..ce20cc98fe 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config +++ b/kubernetes/sdnc/components/sdnc-ansible-server/resources/config/RestServer_config @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # Host definition ip: 0.0.0.0 diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/configmap.yaml index c41c3ef0d6..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/configmap.yaml diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml index 16a12b34db..d6d05efbdd 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml @@ -16,24 +16,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -60,7 +51,7 @@ spec: name: {{ include "common.name" . }}-update-config - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.sdncChartName }} @@ -70,7 +61,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/secret.yaml index bd7eb8ea40..34932b713d 100644 --- a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/service.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/service.yaml index 5a79d5b093..3543044eaf 100644 --- a/kubernetes/appc/charts/appc-ansible-server/templates/service.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -29,5 +31,5 @@ spec: targetPort: {{ .Values.service.internalPort }} name: {{ .Values.service.name }} selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file + app.kubernetes.io/name: {{ include "common.name" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index fc93a6ea32..080ae9c15f 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -17,8 +17,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 # envsusbt @@ -56,7 +55,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.4 +image: onap/sdnc-ansible-server-image:2.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index fb24653129..5a53fa1ca2 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} debugLog(){ if [ "$enableDebugLogging" == true ]; then diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh index 8dd84bd3ea..9c81069812 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} debugLog(){ if [ "$enableDebugLogging" == true ]; then diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh index c93ba24bd7..7764d00cc2 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} if [ "${SDNC_IS_PRIMARY_CLUSTER:-true}" = "true" ];then id=sdnc01 diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster index bdfa1a440b..5e815477e4 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # query ODL cluster state USERNAME="{{.Values.odl.jolokia.username}}" diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch index 209352c4e3..b6fcf166fd 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch @@ -1,4 +1,5 @@ #! /bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -17,6 +18,7 @@ #################################################################################################### # sdncDnsSwitchWrapper.bash: Wrapper script to invoke SDNC DNS Switch for domain: sdnc.example.com # #################################################################################################### +*/}} ssh -i {{.Values.coreDNS.sshKeyFile}} -o StrictHostKeyChecking=no {{.Values.coreDNS.sshUser}}@{{.Values.coreDNS.host}} "{{.Values.coreDNS.switchScript}} $SDNC_LOCAL_K8S_CLUSTER_MASTER {{.Values.config.deployment}}" exit $? diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover index e78b7eeee3..d9133e8477 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} LOGFILE="/app/geo.log" enableDebugLogging=true diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor index 0042ac368a..7eac9a3fd5 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor @@ -1,4 +1,5 @@ #!/usr/bin/env python2 +{{/* # encoding: utf-8 # Copyright © 2018 Amdocs @@ -14,6 +15,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} import sys import os diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh index f13196e7e8..091643f174 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh @@ -1,3 +1,4 @@ +{{/* #/bin/sh # Copyright © 2018 Amdocs @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} set -e primary=${SDNC_IS_PRIMARY_CLUSTER:-true} diff --git a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml index c702012694..1853ab937e 100644 --- a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml @@ -16,28 +16,19 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - sdnc @@ -49,7 +40,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/sdnc/components/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml index 7216e81abf..9551bc4ffd 100644 --- a/kubernetes/sdnc/components/sdnc-prom/values.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml @@ -18,8 +18,7 @@ global: nodePortPrefix: 302 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore b/kubernetes/sdnc/components/sdnc-web/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore +++ b/kubernetes/sdnc/components/sdnc-web/.helmignore diff --git a/kubernetes/pnda/Chart.yaml b/kubernetes/sdnc/components/sdnc-web/Chart.yaml index 39310b35e1..869f7fc428 100644 --- a/kubernetes/pnda/Chart.yaml +++ b/kubernetes/sdnc/components/sdnc-web/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 highstreet technologies GmbH # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP DCAE PNDA -name: pnda +description: SDN-C Web Server +name: sdnc-web version: 6.0.0 diff --git a/kubernetes/sdnc/components/sdnc-web/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/requirements.yaml new file mode 100644 index 0000000000..dcb280d037 --- /dev/null +++ b/kubernetes/sdnc/components/sdnc-web/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2020 highstreet technologies GmbH +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml new file mode 100644 index 0000000000..acaf1ae900 --- /dev/null +++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml @@ -0,0 +1,108 @@ +{{/* +# Copyright © 2020 highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }} + - name: {{ include "common.name" . }}-readiness + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --container-name + - {{ .Values.config.sdncChartName }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | indent 10 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: WEBPROTOCOL + value: {{ .Values.config.webProtocol }} + - name: WEBPORT + value: {{ .Values.config.webPort | quote }} + - name: SDNRPROTOCOL + value: {{ .Values.config.sdnrProtocol }} + - name: SDNRHOST + value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }} + - name: SDNRPORT + value: {{ .Values.config.sdnrPort | quote }} + - name: SSL_CERT_DIR + value: {{ .Values.config.sslCertDir }} + - name: SSL_CERTIFICATE + value: {{ .Values.config.sslCertiticate }} + - name: SSL_CERTIFICATE_KEY + value: {{ .Values.config.sslCertKey }} + {{ if .Values.config.transportpce.enabled }} + - name: TRPCEURL + value: {{ .Values.config.transportpce.transportpceUrl }} + {{ end }} + {{ if .Values.config.topologyserver.enabled }} + - name: TOPOURL + value: {{ .Values.config.topologyserver.topologyserverUrl }} + - name: TILEURL + value: {{ .Values.config.topologyserver.tileserverUrl }} + {{ end }} + + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/templates/service.yaml index 6a61926e9e..216073eee6 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-web/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 highstreet technologies GmbH # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} +{{- include "common.service" . -}} -dependencies: - - name: common - version: ~6.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml new file mode 100644 index 0000000000..136379a7a2 --- /dev/null +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -0,0 +1,129 @@ +# Copyright © 2020 highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + aafEnabled: true + nodePortPrefix: 322 + readinessImage: onap/oom/readiness:3.0.1 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + k8scluster: svc.cluster.local +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: "onap/sdnc-web-image:2.0.4" +pullPolicy: Always + +config: + sdncChartName: sdnc + webProtocol: HTTPS + webPort: 8443 + sdnrProtocol: https + sdnrHost: "sdnc" + sdnrPort: "8443" + sslCertDir: "/opt/app/osaaf/local/certs" + sslCertiticate: "cert.pem" + sslCertKey: "key.pem" + transportpce: + enabled: false + transportpceUrl: http://transportpce.transportpce:8181 + topologyserver: + enabled: false + topologyserverUrl: http://toplogy-api-service.topology:3001 + tileserverUrl: https://tile.openstreetmap.org + + +################################################################# +# aaf configuration defaults. +################################################################# +certInitializer: + nameOverride: sdnc-web-cert-initializer + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: "org.onap.sdnc" + public_fqdn: "sdnc.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + mkdir -p certs; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password; + openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12; + cp {{ .Values.fqi_namespace }}.key certs/key.pem; + chmod -R 755 certs; + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 180 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +service: + name: sdnc-web + suffix: service + type: NodePort + sessionAffinity: ClientIP + # for liveness and readiness probe only + # internalPort: + internalPort: 8443 + ports: + - name: "sdnc-web" + port: "8443" + nodePort: "05" + +#ingress: +# enabled: false + +#Resource limit flavor -By default using small +flavor: small +#segregation for different environment (small and large) +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 500Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + unlimited: {} diff --git a/kubernetes/sdnc/charts/ueb-listener/Chart.yaml b/kubernetes/sdnc/components/ueb-listener/Chart.yaml index 3195ab670d..3195ab670d 100644 --- a/kubernetes/sdnc/charts/ueb-listener/Chart.yaml +++ b/kubernetes/sdnc/components/ueb-listener/Chart.yaml diff --git a/kubernetes/sdnc/charts/dmaap-listener/requirements.yaml b/kubernetes/sdnc/components/ueb-listener/requirements.yaml index f99477141f..f99477141f 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/requirements.yaml +++ b/kubernetes/sdnc/components/ueb-listener/requirements.yaml diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties b/kubernetes/sdnc/components/ueb-listener/resources/config/dblib.properties index b4e69d36f5..5d8c44998f 100644 --- a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties +++ b/kubernetes/sdnc/components/ueb-listener/resources/config/dblib.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -18,6 +19,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} # dblib.properties org.onap.ccsdk.sli.dbtype=jdbc diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties b/kubernetes/sdnc/components/ueb-listener/resources/config/ueb-listener.properties index 946773b18b..946773b18b 100644 --- a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties +++ b/kubernetes/sdnc/components/ueb-listener/resources/config/ueb-listener.properties diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml b/kubernetes/sdnc/components/ueb-listener/templates/configmap.yaml index c41c3ef0d6..c41c3ef0d6 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml +++ b/kubernetes/sdnc/components/ueb-listener/templates/configmap.yaml diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml index 50fbede110..63a1f8ac18 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml @@ -16,24 +16,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -63,7 +54,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.mariadbService" . }} @@ -79,7 +70,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: diff --git a/kubernetes/sdnc/components/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/components/ueb-listener/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/sdnc/components/ueb-listener/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml b/kubernetes/sdnc/components/ueb-listener/templates/service.yaml index 728ba05046..728ba05046 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/service.yaml +++ b/kubernetes/sdnc/components/ueb-listener/templates/service.yaml diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index d9baeab11c..2b0da14424 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -17,8 +17,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 # envsusbt @@ -62,7 +61,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.4 +image: onap/sdnc-ueb-listener-image:2.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index a283678bc5..fd57517e32 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -1,4 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2017 Amdocs, Bell Canada, +# Copyright © 2020 highstreet technologies GmbH # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,12 +20,17 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: logConfiguration + version: ~6.x-0 + repository: '@local' - name: network-name-gen version: ~6.x-0 repository: '@local' + condition: network-name-gen.enabled - name: dgbuilder version: ~6.x-0 repository: '@local' + condition: dgbuilder.enabled - name: sdnc-prom version: ~6.x-0 repository: '@local' @@ -36,3 +42,24 @@ dependencies: - name: elasticsearch version: ~6.x-0 repository: '@local' + condition: config.sdnr.enabled + # conditions for sdnc-subcharts + - name: dmaap-listener + version: ~6.x-0 + repository: 'file://components/dmaap-listener/' + condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled + - name: ueb-listener + version: ~6.x-0 + repository: 'file://components/ueb-listener/' + condition: sdnc.ueb-listener.enabled,ueb-listener.enabled + - name: sdnc-ansible-server + version: ~6.x-0 + repository: 'file://components/sdnc-ansible-server/' + condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled + - name: sdnc-web + version: ~6.x-0 + repository: 'file://components/sdnc-web/' + condition: sdnc.sdnc-web.enabled,sdnc-web.enabled + + + diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 754ff2c5cc..caf745c9d3 100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh +++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* ### # ============LICENSE_START======================================================= @@ -20,6 +21,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data} diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh deleted file mode 100755 index 6aa796a163..0000000000 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ /dev/null @@ -1,169 +0,0 @@ -#!/bin/bash - -### -# ============LICENSE_START======================================================= -# SDNC -# ================================================================================ -# Copyright © 2020 Samsung Electronics -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -# Append features to karaf boot feature configuration -# $1 additional feature to be added -# $2 repositories to be added (optional) -function addToFeatureBoot() { - CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg - ORIG=$CFG.orig - if [ -n "$2" ] ; then - echo "Add repository: $2" - mv $CFG $ORIG - cat $ORIG | sed -e "\|featuresRepositories|s|$|,$2|" > $CFG - fi - echo "Add boot feature: $1" - mv $CFG $ORIG - cat $ORIG | sed -e "\|featuresBoot *=|s|$|,$1|" > $CFG -} - -# Append features to karaf boot feature configuration -# $1 search pattern -# $2 replacement -function replaceFeatureBoot() { - CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg - ORIG=$CFG.orig - echo "Replace boot feature $1 with: $2" - sed -i "/featuresBoot/ s/$1/$2/g" $CFG -} - -function install_sdnrwt_features() { - addToFeatureBoot "$SDNRWT_BOOTFEATURES" $SDNRWT_REPOSITORY -} - -function enable_odl_cluster(){ - if [ -z $SDNC_REPLICAS ]; then - echo "SDNC_REPLICAS is not configured in Env field" - exit - fi - - #Be sure to remove feature odl-netconf-connector-all from list - replaceFeatureBoot "odl-netconf-connector-all," - - echo "Installing Opendaylight cluster features" - replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology - replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering - addToFeatureBoot odl-jolokia - #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering - #${ODL_HOME}/bin/client feature:install odl-jolokia - - - echo "Update cluster information statically" - hm=$(hostname) - echo "Get current Hostname ${hm}" - - node=($(echo ${hm} | sed 's/-[0-9]*$//g')) - node_index=($(echo ${hm} | awk -F"-" '{print $NF}')) - member_offset=1 - - if $GEO_ENABLED; then - echo "This is a Geo cluster" - - if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then - echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field" - return - fi - - if $IS_PRIMARY_CLUSTER; then - PRIMARY_NODE=${MY_ODL_CLUSTER} - SECONDARY_NODE=${PEER_ODL_CLUSTER} - else - PRIMARY_NODE=${PEER_ODL_CLUSTER} - SECONDARY_NODE=${MY_ODL_CLUSTER} - member_offset=4 - fi - - node_list="${PRIMARY_NODE} ${SECONDARY_NODE}" - - /opt/onap/sdnc/bin/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list} - else - echo "This is a local cluster" - - node_list="${node}-0.{{.Values.service.name}}-cluster.{{.Release.Namespace}}"; - - for ((i=1;i<${SDNC_REPLICAS};i++)); - do - node_list="${node_list} ${node}-$i.{{.Values.service.name}}-cluster.{{.Release.Namespace}}" - done - - /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list} - fi -} - - -# Install SDN-C platform components if not already installed and start container - -ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} -ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME} -ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD} -SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} -SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} -CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} -ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} -GEO_ENABLED=${GEO_ENABLED:-false} -SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false} -SDNRWT=${SDNRWT:-false} -SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator} -export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME - -echo "Settings:" -echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER" -echo " SDNC_REPLICAS=$SDNC_REPLICAS" -echo " SDNRWT=$SDNRWT" -echo " AAF_ENABLED=$SDNC_AAF_ENABLED" - - -if $SDNC_AAF_ENABLED; then - export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local - export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local - export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` - export SDNC_KEYSTORE=org.onap.sdnc.p12 - sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties - echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties - - sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties - sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties - sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties -fi - -if [ ! -f ${SDNC_HOME}/.installed ] -then - echo "Installing SDN-C keyStore" - ${SDNC_HOME}/bin/addSdncKeyStore.sh - - if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi - - if $SDNRWT ; then install_sdnrwt_features ; fi - - echo "Installed at `date`" > ${SDNC_HOME}/.installed -fi - -cp /opt/opendaylight/current/certs/* /tmp - -nohup python ${SDNC_BIN}/installCerts.py & - - -exec ${ODL_HOME}/bin/karaf server diff --git a/kubernetes/sdnc/resources/config/conf/aaiclient.properties b/kubernetes/sdnc/resources/config/conf/aaiclient.properties index 5d4473c978..7021990da0 100755 --- a/kubernetes/sdnc/resources/config/conf/aaiclient.properties +++ b/kubernetes/sdnc/resources/config/conf/aaiclient.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -17,6 +18,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} # # Configuration file for A&AI Client @@ -78,4 +80,4 @@ org.onap.ccsdk.sli.adaptors.aai.path.vnf.image.query=/aai/v13/service-design-and org.onap.ccsdk.sli.adaptors.aai.param.format=filter=%s:%s org.onap.ccsdk.sli.adaptors.aai.param.vnf_type=vnf-type org.onap.ccsdk.sli.adaptors.aai.param.physical.location.id=physical-location-id -org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
\ No newline at end of file +org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type diff --git a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties index 224e84b3a7..4ce1851658 100644 --- a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties +++ b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties @@ -1,3 +1,4 @@ +{{/* ### # Copyright � 2017-2018 AT&T Intellectual Property. # Modifications Copyright � 2018 IBM. @@ -17,6 +18,7 @@ # # Configuration file for SDNC Controller Module # +*/}} org.onap.ccsdk.features.blueprints.adaptors.envtype=solo diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties index 1fb6fb8732..97daec079e 100644 --- a/kubernetes/sdnc/resources/config/conf/dblib.properties +++ b/kubernetes/sdnc/resources/config/conf/dblib.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,6 +16,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}} diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties new file mode 100644 index 0000000000..a21ac0441c --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties @@ -0,0 +1,31 @@ +[general] +dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}} +{{ if .Values.global.aafEnabled }} +baseUrl=https://localhost:{{.Values.service.internalPort4}} +{{- else }} +baseUrl=http://localhost:{{.Values.service.internalPort}} +{{- end }} +sdnrUser=${ODL_ADMIN_USERNAME} +sdnrPasswd=${ODL_ADMIN_PASSWORD} + +[fault] +faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer +TransportType=HTTPNOAUTH +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} +topic=unauthenticated.SEC_FAULT_OUTPUT +contenttype=application/json +group=myG +id=C1 +timeout=50000 +limit=10000 + +[pnfRegistration] +pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer +TransportType=HTTPNOAUTH +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} +topic=unauthenticated.VES_PNFREG_OUTPUT +contenttype=application/json +group=myG +id=C1 +timeout=50000 +limit=10000 diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-state-provider.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-state-provider.properties new file mode 100644 index 0000000000..34f3cf9a4b --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/mountpoint-state-provider.properties @@ -0,0 +1,11 @@ +[general] +dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}} +TransportType=HTTPNOAUTH +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} +topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO +contenttype=application/json +timeout=20000 +limit=10000 +maxBatchSize=100 +maxAgeMs=250 +MessageSentThreadOccurance=50 diff --git a/kubernetes/sdnc/resources/config/conf/netbox.properties b/kubernetes/sdnc/resources/config/conf/netbox.properties index a768041945..c94e06091a 100755 --- a/kubernetes/sdnc/resources/config/conf/netbox.properties +++ b/kubernetes/sdnc/resources/config/conf/netbox.properties @@ -1,3 +1,4 @@ +{{/* # # Copyright (C) 2018 AT&T, Bell Canada. # @@ -13,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*/}} # Configuration file for Netbox client org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001 diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv index 7476e6849a..85af48ac1d 100644 --- a/kubernetes/sdnc/resources/config/conf/setenv +++ b/kubernetes/sdnc/resources/config/conf/setenv @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with @@ -50,12 +51,13 @@ # export KARAF_DEBUG # Enable debug mode # export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start # export KARAF_NOROOT # Prevent execution as root if set to true +*/}} if [ "x$JAVA_MAX_MEM" = "x" ]; then export JAVA_MAX_MEM="2048m" fi -EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ - -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \ - -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \ - -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \ - -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log" +EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \ + -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \ + -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \ + -XX:+ParallelRefProcEnabled \ + -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"} diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties index adbba660c5..298bbccb9a 100644 --- a/kubernetes/sdnc/resources/config/conf/svclogic.properties +++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties @@ -1,3 +1,4 @@ +{{/* ### # ============LICENSE_START======================================================= # openECOMP : SDN-C @@ -17,6 +18,7 @@ # limitations under the License. # ============LICENSE_END========================================================= ### +*/}} org.onap.ccsdk.sli.dbtype = jdbc org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}} diff --git a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg index a2daef1833..685a285021 100644 --- a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg +++ b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg @@ -1,3 +1,4 @@ +{{/* ################################################################################ # # Licensed to the Apache Software Foundation (ASF) under one or more @@ -17,6 +18,7 @@ # ################################################################################ # Properties used as default values in MDC +*/}} log4j2.property.ServiceName = INTERNAL log4j2.property.ErrorCode = 900 log4j2.property.ErrorDesc = UnknownError @@ -42,7 +44,7 @@ log4j2.rootLogger.appenderRef.Console.ref = Console log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter -log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF} +log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF} log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version} # Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw @@ -113,7 +115,6 @@ log4j2.appender.error.strategy.max = ${maxBackupIndex} log4j2.appender.error.strategy.fileIndex = min log4j2.appender.error.filter.threshold.type = ThresholdFilter log4j2.appender.error.filter.threshold.level = WARN -log4j2.appender.error.filter.threshold.match = ACCEPT log4j2.appender.metric.type = RollingRandomAccessFile log4j2.appender.metric.name = MetricFile @@ -163,7 +164,7 @@ log4j2.appender.rr.strategy.max = 100 log4j2.appender.rr.strategy.fileIndex = min log4j2.appender.security.type = RollingRandomAccessFile -log4j2.appender.security.name = securityRollingFile +log4j2.appender.security.name = SecurityFile log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i log4j2.appender.security.append = true @@ -177,7 +178,7 @@ log4j2.appender.security.policies.size.size = ${maxFileSize} log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit log4j2.logger.security.level = INFO log4j2.logger.security.additivity = false -log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile +log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter log4j2.logger.audit.level = INFO diff --git a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml index c664860218..a27bccc246 100644 --- a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml +++ b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml @@ -4,8 +4,6 @@ sdnc: image: onap/sdnc-ansible-server-image:1.7.0 dmaap-listener: image: onap/sdnc-dmaap-listener-image:1.7.0 - sdnc-portal: - image: onap/admportal-sdnc-image:1.7.0 ueb-listener: image: onap/sdnc-ueb-listener-image:1.7.0 cds: diff --git a/kubernetes/sdnc/resources/env.yaml b/kubernetes/sdnc/resources/env.yaml index 6e38ae99d6..f02f8aef16 100644 --- a/kubernetes/sdnc/resources/env.yaml +++ b/kubernetes/sdnc/resources/env.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}" SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}" diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.cluster b/kubernetes/sdnc/resources/geo/bin/sdnc.cluster index 87cdeffe89..bc285fb42d 100755 --- a/kubernetes/sdnc/resources/geo/bin/sdnc.cluster +++ b/kubernetes/sdnc/resources/geo/bin/sdnc.cluster @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} if ! [ "$(command -v jq)" ]; then echo "Error: jq is not installed." diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster b/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster index 7a4f6a7dd0..ffd044854f 100755 --- a/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster +++ b/kubernetes/sdnc/resources/geo/bin/sdnc.isPrimaryCluster @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} dir=$( dirname $0 ) diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive b/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive index 76eca48af5..88f57b1ceb 100755 --- a/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive +++ b/kubernetes/sdnc/resources/geo/bin/sdnc.makeActive @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} if [ $# -lt 1 ];then echo "Usage: makeactive <release> [namespace]" diff --git a/kubernetes/sdnc/resources/geo/bin/sdnc.monitor b/kubernetes/sdnc/resources/geo/bin/sdnc.monitor index b14bd7325d..3f9f4014b3 100755 --- a/kubernetes/sdnc/resources/geo/bin/sdnc.monitor +++ b/kubernetes/sdnc/resources/geo/bin/sdnc.monitor @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} if [ $# -lt 1 ];then echo "Usage: $(basename $0) [--debug] <release> [namespace]" diff --git a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh index 7a1c193492..076f1ea35f 100755 --- a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh +++ b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2018 Amdocs # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} function usage() { diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml index bce94f3008..e0f0e55252 100755 --- a/kubernetes/sdnc/templates/job.yaml +++ b/kubernetes/sdnc/templates/job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.dgbuilder.enabled -}} {{/* # Copyright © 2017 Amdocs, Bell Canada, AT&T # @@ -81,7 +82,7 @@ spec: - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ include "common.mariadbService" . }} @@ -91,7 +92,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} @@ -165,3 +166,4 @@ spec: restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end -}} diff --git a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml new file mode 100755 index 0000000000..7975b70ed2 --- /dev/null +++ b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml @@ -0,0 +1,104 @@ +{{/* +# Copyright © 2020 highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.config.sdnr.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }} +spec: + backoffLimit: 20 + template: + metadata: {{ include "common.templateMetadata" . | indent 6}} + spec: + initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-chown + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"] + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + {{ end }} + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - {{.Values.elasticsearch.nameOverride}}-elasticsearch + - --container-name + - {{.Values.elasticsearch.nameOverride}}-nginx + - --container-name + - {{.Values.elasticsearch.nameOverride}}-master + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }}-sdnrdb-init-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash"] + args: ["-c", "{{ .Values.config.binDir }}/startODL.sh"] + env: + - name: SDNC_AAF_ENABLED + value: "{{ .Values.global.aafEnabled}}" + - name: SDNC_HOME + value: "{{.Values.config.sdncHome}}" + - name: ETC_DIR + value: "{{.Values.config.etcDir}}" + - name: BIN_DIR + value: "{{.Values.config.binDir}}" + ## start sdnrdb parameter + - name: SDNRINIT + value: "true" + - name: SDNRDBURL + {{ if .Values.global.aafEnabled -}} + value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" + {{- else -}} + value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" + {{- end }} + - name: SDNRDBPARAMETER + value: "-k" + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: docker-entrypoint-initdb-d + emptyDir: {} + - name: bin + configMap: + name: {{ include "common.fullname" . }}-bin + defaultMode: 0755 + - name: properties + configMap: + name: {{ include "common.fullname" . }}-properties + defaultMode: 0644 +{{ include "common.certInitializer.volumes" . | nindent 6 }} + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{ end -}} diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml index 34932b713d..916d47d753 100644 --- a/kubernetes/sdnc/templates/secrets.yaml +++ b/kubernetes/sdnc/templates/secrets.yaml @@ -13,5 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - {{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index 741a15ae53..e3be4bc46a 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 highstreet technologies GmbH # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,9 +49,12 @@ spec: targetPort: {{ .Values.service.internalPort4 }} {{ end }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} + {{ if .Values.config.sdnr.enabled }} + sessionAffinity: ClientIP + {{ end }} selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + app.kubernetes.io/name: {{ include "common.name" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} --- apiVersion: v1 kind: Service @@ -77,8 +81,8 @@ spec: port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + app.kubernetes.io/name: {{ include "common.name" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} --- apiVersion: v1 kind: Service @@ -96,8 +100,8 @@ spec: port: {{ .Values.service.clusterPort }} clusterIP: None selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + app.kubernetes.io/name: {{ include "common.name" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} sessionAffinity: None type: ClusterIP diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 437cb31a8e..98ad43ed60 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -17,26 +17,17 @@ apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: matchLabels: app: {{ include "common.name" . }} serviceName: {{ include "common.servicename" . }}-cluster replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} podManagementPolicy: Parallel template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -71,6 +62,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: ODL_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + volumeMounts: - mountPath: /config-input name: config-input @@ -79,27 +75,82 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - + {{ if .Values.dgbuilder.enabled -}} - command: - - /root/ready.py + - /app/ready.py args: + {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}} - --container-name - {{ include "common.mariadbService" . }} + {{ end -}} + {{ if .Values.config.sdnr.enabled -}} + - --container-name + - {{ include "common.name" . }}-sdnrdb-init-job + {{ end -}} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - + {{ end -}} {{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ if .Values.global.cmpv2Enabled }} + - name: certs-init + image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: REQUEST_URL + value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }} + - name: REQUEST_TIMEOUT + value: "30000" + - name: OUTPUT_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + - name: CA_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.caName }} + - name: COMMON_NAME + value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }} + - name: ORGANIZATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }} + - name: ORGANIZATION_UNIT + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }} + - name: LOCATION + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }} + - name: STATE + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }} + - name: COUNTRY + value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }} + - name: KEYSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }} + - name: KEYSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }} + - name: TRUSTSTORE_PATH + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }} + - name: TRUSTSTORE_PASSWORD + value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs + - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }} + name: certservice-tls-volume + {{ end }} + - name: {{ include "common.name" . }}-chown - image: "busybox" - command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"] + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + command: + - sh + args: + - -c + - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} +{{- if .Values.global.aafEnabled }} + - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} +{{- end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: {{ .Values.persistence.mdsalPath }} @@ -151,6 +202,26 @@ spec: value: {{ include "common.mariadbService" . }} - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" + - name: JAVA_OPTS + value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}" + - name: KARAF_CONSOLE_LOG_LEVEL + value: "{{ include "common.log.level" . }}" + - name: SDNRWT + value: "{{ .Values.config.sdnr.enabled | default "false"}}" + {{- if eq .Values.config.sdnr.mode "web" }} + - name: SDNRDM + value: "true" + {{- end }} + - name: SDNRONLY + value: "{{ .Values.config.sdnr.sdnronly | default "false" }}" + - name: SDNRDBURL + {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}} + value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" + {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }} + - name: SDNRDBTRUSTALLCERTS + value: "true" + {{ end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime @@ -159,9 +230,6 @@ spec: - mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg name: sdnc-logging-cfg-config subPath: org.ops4j.pax.logging.cfg - - mountPath: {{ .Values.config.binDir }}/startODL.sh - name: bin - subPath: startODL.sh - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh name: bin subPath: installSdncDb.sh @@ -202,6 +270,16 @@ spec: - mountPath: {{ .Values.config.odl.binDir }}/setenv name: properties subPath: setenv + - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties + name: properties + subPath: mountpoint-registrar.properties + - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties + name: properties + subPath: mountpoint-state-provider.properties + {{ if .Values.global.cmpv2Enabled }} + - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} + name: certs + {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -252,6 +330,14 @@ spec: - name: properties emptyDir: medium: Memory + {{ if .Values.global.cmpv2Enabled }} + - name: certs + emptyDir: + medium: Memory + - name: certservice-tls-volume + secret: + secretName: {{ .Values.global.platform.certServiceClient.secret.name }} + {{- end }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index f16f3b1925..af5a6f4878 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,8 +20,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: @@ -36,6 +35,31 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + # Enabling CMPv2 + cmpv2Enabled: true + platform: + certServiceClient: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + secret: + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ + envVariables: + # Certificate related + cert_path: /var/custom-certs + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + common_name: "sdnc.simpledemo.onap.org" + requestURL: "https://oom-cert-service:8443/v1/certificate/" + requestTimeout: "30000" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" + keystorePassword: "secret" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" + truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -105,15 +129,16 @@ secrets: login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required - ################################################################# # Application configuration defaults. ################################################################# # application images + repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.4 - +image: onap/sdnc-image:2.0.4 +busyboxRepository: docker.io +busyboxImage: busybox:1.30 # flag to enable debugging - application support required debugEnabled: false @@ -161,13 +186,14 @@ config: logstashPort: 5044 ansibleServiceName: sdnc-ansible-server ansiblePort: 8000 - javaHome: /usr/lib/jvm/java-1.8-openjdk + javaHome: /opt/java/openjdk odl: etcDir: /opt/opendaylight/etc binDir: /opt/opendaylight/bin + gcLogDir: /opt/opendaylight/data/log salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config - salConfigVersion: 1.8.2 + salConfigVersion: 1.9.1 akka: seedNodeTimeout: 15s circuitBreaker: @@ -185,11 +211,30 @@ config: javaOptions: maxGCPauseMillis: 100 parallelGCThreads : 3 - numberGGLogFiles: 10 + numberGCLogFiles: 10 + minMemory: 512m + maxMemory: 2048m + gcLogOptions: "" + # Next line enables gc logging + # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}" + # enables sdnr functionality + sdnr: + enabled: true + # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default), + # mode: dm - SDNC contains sdnr device manager + ODLUX components + mode: dm + # sdnronly: true starts sdnc container with odl and sdnrwt features only + sdnronly: false + sdnrdbTrustAllCerts: true + mountpointRegistrarEnabled: false + mountpointStateProviderEnabled: false + + # dependency / sub-chart configuration certInitializer: nameOverride: sdnc-cert-initializer + truststoreMountpath: /opt/onap/sdnc/data/stores fqdn: "sdnc" app_ns: "org.osaaf.aaf" fqi: "sdnc@sdnc.onap.org" @@ -204,6 +249,9 @@ certInitializer: cd /opt/app/osaaf/local; /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 +# dependency / sub-chart configuration +network-name-gen: + enabled: true mariadb-galera: &mariadbGalera nameOverride: sdnc-db config: &mariadbGaleraConfig @@ -223,6 +271,7 @@ cds: enabled: false dmaap-listener: + enabled: true nameOverride: sdnc-dmaap-listener mariadb-galera: <<: *mariadbGalera @@ -237,6 +286,7 @@ dmaap-listener: odlCredsExternalSecret: *odlCredsSecretName ueb-listener: + enabled: true mariadb-galera: <<: *mariadbGalera config: @@ -249,18 +299,8 @@ ueb-listener: configDir: /opt/onap/sdnc/data/properties odlCredsExternalSecret: *odlCredsSecretName -sdnc-portal: - mariadb-galera: - <<: *mariadbGalera - config: - <<: *mariadbGaleraConfig - mysqlDatabase: *sdncDbName - config: - sdncChartName: sdnc - configDir: /opt/onap/sdnc/data/properties - odlCredsExternalSecret: *odlCredsSecretName - sdnc-ansible-server: + enabled: true config: restCredsExternalSecret: *ansibleSecretName mariadb-galera: @@ -273,7 +313,10 @@ sdnc-ansible-server: internalPort: 8000 dgbuilder: + enabled: true nameOverride: sdnc-dgbuilder + certInitializer: + nameOverride: sdnc-dgbuilder-cert-initializer config: db: dbName: *sdncDbName @@ -294,21 +337,25 @@ dgbuilder: - baseaddr: "sdnc-dgbuilder" name: "sdnc-dgbuilder" port: 3000 + - baseaddr: "sdnc-web-service" + name: "sdnc-web-service" + port: 8443 config: ssl: "redirect" + + # local elasticsearch cluster localElasticCluster: true elasticsearch: - nameOverride: sdnrdb + nameOverride: &elasticSearchName sdnrdb name: sdnrdb-cluster certInitializer: fqdn: "sdnc" fqi_namespace: org.onap.sdnc fqi: "sdnc@sdnc.onap.org" service: - name: sdnrdb - + name: *elasticSearchName master: replicaCount: 3 # dedicatednode: "yes" @@ -316,17 +363,11 @@ elasticsearch: # dedicatednode: "no" # handles master and data node functionality dedicatednode: "no" - nameOverride: sdnrdb - - curator: - enabled: true - nameOverride: sdnrdb - data: - enabled: true - replicaCount: 1 - nameOverride: sdnrdb - - + nameOverride: *elasticSearchName + cluster_name: *elasticSearchName +# enable +sdnc-web: + enabled: true # default number of instances replicaCount: 1 @@ -398,6 +439,22 @@ persistence: mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/current/daexim +certpersistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 50Mi + mountPath: /dockerdata-nfs + mountSubPath: sdnc/certs + certPath: /opt/app/osaaf + ##storageClass: "manual" + ingress: enabled: false service: diff --git a/kubernetes/sniro-emulator/requirements.yaml b/kubernetes/sniro-emulator/requirements.yaml index e85005b9ae..a72069ff78 100644 --- a/kubernetes/sniro-emulator/requirements.yaml +++ b/kubernetes/sniro-emulator/requirements.yaml @@ -19,3 +19,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sniro-emulator/templates/deployment.yaml b/kubernetes/sniro-emulator/templates/deployment.yaml index 2e76895278..0dff4eb7be 100644 --- a/kubernetes/sniro-emulator/templates/deployment.yaml +++ b/kubernetes/sniro-emulator/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +26,10 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} template: metadata: labels: @@ -32,7 +38,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/sniro-emulator/templates/service.yaml b/kubernetes/sniro-emulator/templates/service.yaml index c5954db506..9119071ab2 100644 --- a/kubernetes/sniro-emulator/templates/service.yaml +++ b/kubernetes/sniro-emulator/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/sniro-emulator/values.yaml b/kubernetes/sniro-emulator/values.yaml index e81481da2d..81ce818a8a 100644 --- a/kubernetes/sniro-emulator/values.yaml +++ b/kubernetes/sniro-emulator/values.yaml @@ -19,7 +19,6 @@ global: # global defaults nodePortPrefix: 302 # application image -repository: nexus3.onap.org:10001 image: onap/sniroemulator:1.0.0 pullPolicy: IfNotPresent diff --git a/kubernetes/so/.helmignore b/kubernetes/so/.helmignore index f0c1319444..7ddbad7ef4 100755 --- a/kubernetes/so/.helmignore +++ b/kubernetes/so/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/so/Makefile b/kubernetes/so/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/so/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-db-secrets/Chart.yaml b/kubernetes/so/charts/so-db-secrets/Chart.yaml deleted file mode 100755 index 1739d1fe36..0000000000 --- a/kubernetes/so/charts/so-db-secrets/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -description: A Helm chart for DB secrets -name: so-db-secrets -version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml deleted file mode 100755 index d636fad4a7..0000000000 --- a/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.release" . }}-so-db-secrets - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }} - mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }} - mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }} - mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }} - mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }} - mariadb.admin.password: {{ .Values.db_admin_password | b64enc | quote }} -type: Opaque diff --git a/kubernetes/so/charts/so-db-secrets/values.yaml b/kubernetes/so/charts/so-db-secrets/values.yaml deleted file mode 100644 index 63b6852d50..0000000000 --- a/kubernetes/so/charts/so-db-secrets/values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -db_admin_username: so_admin -db_admin_password: so_Admin123 -db_username: so_user -db_password: so_User123 - diff --git a/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml deleted file mode 100644 index c2e6ad06f3..0000000000 --- a/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml +++ /dev/null @@ -1,17 +0,0 @@ -server: - port: {{ index .Values.containerPort }} - tomcat: - max-threads: 50 -ssl-enable: false -camunda: - rest: - api: - url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/ - engine: default - auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA== -mso: - database: - rest: - api: - url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/ - auth: Basic YnBlbDpwYXNzd29yZDEk diff --git a/kubernetes/so/charts/so-monitoring/templates/ingress.yaml b/kubernetes/so/charts/so-monitoring/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/so/charts/so-monitoring/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/so/charts/so-monitoring/templates/secret.yaml b/kubernetes/so/charts/so-monitoring/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-monitoring/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdc-controller/templates/service.yaml b/kubernetes/so/charts/so-sdc-controller/templates/service.yaml deleted file mode 100755 index 6711c3b2e7..0000000000 --- a/kubernetes/so/charts/so-sdc-controller/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml deleted file mode 100755 index 6711c3b2e7..0000000000 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differdeleted file mode 100644 index 31ea6ba650..0000000000 --- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks +++ /dev/null diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml deleted file mode 100644 index 5be2cc7c41..0000000000 --- a/kubernetes/so/charts/so-secrets/templates/secrets.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-so-client-certs-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} - keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.release" . }}-so-truststore-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml deleted file mode 100755 index 5e29af8ab5..0000000000 --- a/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/Makefile b/kubernetes/so/components/Makefile new file mode 100644 index 0000000000..f2e7a1fb82 --- /dev/null +++ b/kubernetes/so/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_BIN := helm +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml index ab2bad332a..ab2bad332a 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml diff --git a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml new file mode 100755 index 0000000000..d25c12c663 --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml index c897f48e4a..661ed64b0e 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server: port: {{ index .Values.containerPort }} @@ -19,11 +21,11 @@ server: ssl-enable: false mso: logPath: ./logs/soappcorch - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} msoKey: {{ .Values.global.app.msoKey }} config: - {{ if eq .Values.global.security.aaf.enabled true }} - cadi: {{ include "cadi.keys" . | nindent 8}} + {{ if .Values.global.security.aaf.enabled }} + cadi: {{ include "so.cadi.keys" . | nindent 8}} {{- else }} cadi: aafId: {{ .Values.mso.basicUser }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml index 8c0ee290ce..6abb1673d5 100755 --- a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,12 +12,13 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml index b9a39fe8c3..917c067681 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -39,7 +41,7 @@ spec: env: - name: ACTUATOR_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }} - image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }} + image: {{ include "repositoryGenerator.image.htpasswd" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: encoder @@ -50,18 +52,28 @@ spec: - sh args: - -c - - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh - image: {{ include "common.repository" . }}/{{ .Values.image }} + - | + export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)" + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + {{- end }} + /app/start-app.sh + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} env: - name: ACTUATOR_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{- include "common.containerPorts" . | nindent 10 }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: encoder @@ -69,7 +81,7 @@ spec: - name: config mountPath: /app/config readOnly: true -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} @@ -78,6 +90,6 @@ spec: medium: Memory - name: config configMap: - name: {{ include "common.fullname" . }}-app-configmap + name: {{ include "common.fullname" . }}-app-configmap imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml index fc3e2879ce..7f004cc050 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml index 1c0cd43c6f..310cb9f323 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2020 AT&T USA +# Copyright © 2020 Huawei # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,13 +19,13 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs - htpasswdImage: xmartlabs/htpasswd - dockerHubRepository: docker.io + security: + aaf: + enabled: false + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 ################################################################# # Secrets metaconfig ################################################################# @@ -41,10 +42,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: server-actuator-creds name: '{{ include "common.release" . }}-so-appc-actuator-creds' type: basicAuth @@ -60,7 +57,6 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 image: onap/so/so-appc-orchestrator:1.6.4 pullPolicy: Always @@ -77,14 +73,14 @@ server: password: password1$ replicaCount: 1 minReadySeconds: 10 -containerPort: 8080 +containerPort: &containerPort 8080 logPath: ./logs/soappcorch app: appc-orchestrator service: name: so-appc-orchestrator type: ClusterIP ports: - - port: 8080 + - port: *containerPort name: http updateStrategy: type: RollingUpdate @@ -92,6 +88,21 @@ updateStrategy: maxSurge: 1 # Resource Limit flavor -By Default using small flavor: small + + +################################################################# +# soHelper part +################################################################# + +soHelpers: + nameOverride: so-appc-cert-init + certInitializer: + nameOverride: so-appc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort + # Segregation for Different environment (Small and Large) resources: small: @@ -123,3 +134,27 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +auth: + rest: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + +mso: + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + basicUser: poBpmn + +appc: + client: + topic: + read: + name: APPC-LCM-WRITE + timeout: 360000 + write: APPC-LCM-READ + sdnc: + read: SDNC-LCM-WRITE + write: SDNC-LCM-READ + response: + timeout: 3600000 + key: VIlbtVl6YLhNUrtU + secret: 64AG2hF4pYeG2pq7CT6XwUOT + service: ueb diff --git a/kubernetes/so/charts/so-bpmn-infra/Chart.yaml b/kubernetes/so/components/so-bpmn-infra/Chart.yaml index 17fa3459ad..faba23eb16 100755 --- a/kubernetes/so/charts/so-bpmn-infra/Chart.yaml +++ b/kubernetes/so/components/so-bpmn-infra/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 appVersion: "1.0" -description: A Helm chart for Kubernetes +description: A Helm chart for SO Bpmn Infra name: so-bpmn-infra -version: 6.0.0
\ No newline at end of file +version: 6.0.0 diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index e57ea34f43..11128dd68c 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} dme2: timeout: '30000' endpoint: https://aai.{{ include "common.namespace" . }}:8443 @@ -56,7 +58,7 @@ mso: timeout: 60 logPath: logs config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} async: core-pool-size: 50 max-pool-size: 50 @@ -66,7 +68,7 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} db: auth: {{ .Values.mso.adapters.db.auth }} password: {{ .Values.mso.adapters.db.password }} @@ -92,7 +94,7 @@ mso: vnf: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter rest: - endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs volume-groups: rest: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups @@ -106,6 +108,11 @@ mso: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage nssmf: endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088 + oof: + endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1 + timeout: PT5M + callback: + endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1 bpmn: process: historyTimeToLive: '30' @@ -116,7 +123,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} default: adapter: namespace: http://org.onap.mso @@ -375,7 +382,7 @@ spring: so: vnfm: adapter: - url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ + url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ auth: {{ .Values.so.vnfm.adapter.auth }} org: onap: diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml index a2e27548ba..58ac6d9ab8 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index 3fc5ab2e48..3fee225c03 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,37 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -76,27 +72,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,14 +85,14 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml index 6711c3b2e7..6eb6f27e26 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/service.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index 775df5ecc0..63011474bf 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,14 +17,24 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + security: + aaf: + enabled: false + aaf: + auth: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -44,10 +54,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -56,8 +62,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.6.4 +image: onap/so/bpmn-infra:1.7.10 pullPolicy: Always db: @@ -67,20 +72,67 @@ db: adminName: so_admin adminPassword: so_Admin123 # adminCredsExternalSecret: some secret + +aai: + auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 + +cds: + auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + db: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + password: wLg4sjrAFUS8rfVfdvTXeQ== + po: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + sdnc: + password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F + sniro: + auth: test:testpwd + oof: + auth: test:testpwd +so: + vnfm: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk +sniro: + endpoint: http://replaceme:28090/optimizationInstance/V1/create + +vnf: + api: + version: v2 + replicaCount: 1 minReadySeconds: 10 -containerPort: 8081 +containerPort: &containerPort 8081 logPath: ./logs/bpmn/ app: so-bpmn-infra service: - type: ClusterIP - internalPort: 8081 - externalPort: 8081 - portName: so-bpmn-port + type: ClusterIP + internalPort: *containerPort + externalPort: 8081 + portName: so-bpmn-port updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-bpmn-cert-init + certInitializer: + nameOverride: so-bpmn-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.bpmnPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: large # Segregation for Different environment (Small and Large) @@ -101,13 +153,13 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/Chart.yaml b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml index 8c5a846df9..8c5a846df9 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/Chart.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml index fb83e4e26b..7aa5984403 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server: port: {{ index .Values.containerPort }} tomcat: @@ -20,13 +22,13 @@ mso: logPath: logs site-name: onapheat config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} spring: datasource: hikari: diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml index b57205223e..6331656fce 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index 8d2e9738c1..75e6b1ee62 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,37 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -76,33 +72,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml index 6711c3b2e7..6eb6f27e26 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index 9aa9c98fbc..81a7c3fba1 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,11 +17,23 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -41,10 +53,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -53,8 +61,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.6.4 +image: onap/so/catalog-db-adapter:1.7.10 pullPolicy: Always db: @@ -65,20 +72,38 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +mso: + adapters: + db: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8082 +containerPort: &containerPort 8082 logPath: ./logs/catdb/ app: catalog-db-adapter service: type: ClusterIP - internalPort: 8082 - externalPort: 8082 + internalPort: *containerPort + externalPort: *containerPort portName: so-catdb-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-catalogdb-cert-init + certInitializer: + nameOverride: so-catalogdb-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.catalogDbAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/components/so-cnf-adapter/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml new file mode 100755 index 0000000000..4b507c105a --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.7.1" +description: A Helm chart for Kubernetes +name: so-cnf-adapter +version: 6.0.0 + diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml new file mode 100755 index 0000000000..ecba826c68 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/requirements.yaml @@ -0,0 +1,28 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' + diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..c513589100 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +logging: + path: logs +spring: + security: + usercredentials: + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + site-name: localSite + logPath: ./logs/cnf + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..c5ebec0b15 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml @@ -0,0 +1,30 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..3c131321f3 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml @@ -0,0 +1,132 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + - name: {{ include "common.name" . }}-encrypter + command: + - sh + args: + - -c + - | + java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds + env: + - name: AAI_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }} + - name: AAI_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }} + - name: MSO_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.soCryptoImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: encoder + mountPath: /output + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + command: + - sh + args: + - -c + - | + export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64) + export AAF_AUTH=$(echo "Basic ${AAF_BASE64}") + export AAI_AUTH=$(cat /input/.aai_creds) + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + ./start-app.sh + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + env: + - name: AAF_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }} + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} + - name: ACTUATOR_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} + {{ include "so.certificates.env" . | indent 12 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-env + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + readOnly: true + - name: encoder + mountPath: /input + livenessProbe: + httpGet: + path: {{ index .Values.livenessProbe.path}} + port: {{ index .Values.containerPort }} + scheme: {{ index .Values.livenessProbe.scheme}} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: encoder + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml new file mode 100644 index 0000000000..dfeae804be --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml new file mode 100755 index 0000000000..0c34660a0e --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.service" . }} + diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml new file mode 100755 index 0000000000..0fdd4f2edf --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -0,0 +1,161 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + soCryptoImage: sdesbure/so_crypto:latest + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: ${AAF_AUTH} +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: server-actuator-creds + name: '{{ include "common.release" . }}-so-cnf-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + - uid: so-aaf-creds + name: '{{ include "common.release" . }}-so-cnf-aaf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' + login: '{{ .Values.server.aaf.username }}' + password: '{{ .Values.server.aaf.password }}' + passwordPolicy: required + - uid: so-aai-creds + name: '{{ include "common.release" . }}-so-cnf-aai-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' + login: '{{ .Values.server.aai.username }}' + password: '{{ .Values.server.aai.password }}' + passwordPolicy: required + - uid: cnf-adapter-mso-key + name: '{{ include "common.release" . }}-so-cnf-mso-key' + type: password + externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' + password: '{{ .Values.mso.msoKey }}' +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/mso-cnf-adapter:1.7.1 +pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + aaf: + username: so@so.onap.org + password: demo123456 + # aafCredsExternalSecret: some secret + aai: + username: aai@aai.onap.org + password: demo123456! + auth: ${AAI_AUTH} + # aaiCredsExternalSecret: some secret + actuator: + username: mso_admin + password: password1$ + # actuatorCredsExternalSecret: some secret +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + # msoKeySecret: some secret + adapters: + requestDb: + auth: ${REQUEST_AUTH} +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8090 +logPath: ./logs/cnf/ +app: cnf-adapter +service: + type: ClusterIP + ports: + - name: http-api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +soHelpers: + nameOverride: so-cnf-cert-init + certInitializer: + nameOverride: so-cnf-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8090 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} + diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml new file mode 100644 index 0000000000..c4fb9a49d5 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP SO ETSI NFVO NS LCM +name: so-etsi-nfvo-ns-lcm +version: 6.0.0 diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml new file mode 100755 index 0000000000..d25c12c663 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..20a4284c67 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -0,0 +1,72 @@ +{{/* +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + version: v19 + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +spring: + datasource: + hikari: + camunda: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: bpmn-pool + registerMbeans: true + nfvo: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo + username: ${DB_ADMIN_USERNAME} + password: ${DB_ADMIN_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: nfvo-pool + registerMbeans: true + security: + usercredentials: + - username: ${ETSI_NFVO_USERNAME} + password: ${ETSI_NFVO_PASSWORD} + role: ETSI-NFVO-Client +server: + port: {{ .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + key: {{ .Values.mso.key }} +so: + adapters: + sol003-adapter: + url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 + auth: {{ .Values.so.sol003.adapter.auth }} +etsi-catalog-manager: + base: + {{- if .Values.global.msbEnabled }} + endpoint: https://msb-iag:443/api + http: + client: + ssl: + trust-store: file:${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} + {{- else }} + endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api + {{- end }} +camunda: + bpm: + history-level: full + job-execution: + max-pool-size: 30 + core-pool-size: 3 + deployment-aware: true diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml new file mode 100644 index 0000000000..add9a02cf6 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml new file mode 100644 index 0000000000..2cf23e23be --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -0,0 +1,94 @@ +{{/* +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - | + export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + {{- end }} + ./start-app.sh + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ETSI_NFVO_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} + - name: ETSI_NFVO_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} + - name: DB_HOST + value: {{ include "common.mariadbService" . }} + - name: DB_PORT + value: {{ include "common.mariadbPort" . | quote }} + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} + {{ include "so.certificates.env" . | indent 12 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{ include "common.containerPorts" . | nindent 12 }} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml index 0cd8cfbd36..56e02b30b0 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml @@ -1,4 +1,5 @@ -# Copyright © 2020 Samsung, Orange +{{/* +# Copyright © 2020 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml new file mode 100644 index 0000000000..1b9306e883 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml new file mode 100644 index 0000000000..4e6428b2ef --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml new file mode 100644 index 0000000000..f5ad18faf6 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -0,0 +1,163 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: etsi-nfvo-nslcm-creds + name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' + login: '{{ .Values.etsi.nfvo.nslcm.username }}' + password: '{{ .Values.etsi.nfvo.nslcm.password }}' + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/so-etsi-nfvo-ns-lcm:1.7.7 +pullPolicy: Always + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +etsi: + nfvo: + nslcm: + username: so-etsi-nfvo-ns-lcm +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +so: + sol003: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 9095 +logPath: ./logs/so-etsi-nfvo-ns-lcm/ +app: so-etsi-nfvo-ns-lcm +service: + type: ClusterIP + name: so-etsi-nfvo-ns-lcm + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/so/so-etsi-nfvo-ns-lcm/v1", + "protocol": "REST", + "port": "{{ include "common.getPort" (dict "global" . "name" "http-api") }}", + "visualRange":"1" + } + ]{{ end }} + ports: + - name: http-api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-nfvo-cert-init + certInitializer: + nameOverride: so-nfvo-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.nfvoAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} + +livenessProbe: + port: 9095 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +ingress: + enabled: false + service: + - baseaddr: 'soetsinfvonslcm' + name: 'so-etsi-nfvo-ns-lcm' + port: 9095 + config: + ssl: 'redirect' + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/kubernetes/so/charts/so-mariadb/Chart.yaml b/kubernetes/so/components/so-mariadb/Chart.yaml index 2c6f0278b0..2c6f0278b0 100755 --- a/kubernetes/so/charts/so-mariadb/Chart.yaml +++ b/kubernetes/so/components/so-mariadb/Chart.yaml diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml new file mode 100755 index 0000000000..0dfef90cff --- /dev/null +++ b/kubernetes/so/components/so-mariadb/requirements.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh index 08adb4a407..72963d9efc 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # # ============LICENSE_START========================================== # =================================================================== @@ -20,6 +21,7 @@ # ECOMP and OpenECOMP are trademarks # and service marks of AT&T Intellectual Property. # +*/}} echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1 diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh index 0f404466ca..4c2d668af7 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # # ============LICENSE_START========================================== # =================================================================== @@ -20,6 +21,7 @@ # ECOMP and OpenECOMP are trademarks # and service marks of AT&T Intellectual Property. # +*/}} echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1 diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh index 3115ec6199..dd374d440b 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # # ============LICENSE_START========================================== # =================================================================== @@ -20,6 +21,7 @@ # ECOMP and OpenECOMP are trademarks # and service marks of AT&T Intellectual Property. # +*/}} echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1 diff --git a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh index e2d7381689..db6fd22eaf 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh @@ -1,8 +1,7 @@ -#!/bin/bash +#!/bin/sh +{{/* # ============LICENSE_START======================================================= -# ONAP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +14,26 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +*/}} + +echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1 + +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD` + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${NFVO_DB_USER}'; +CREATE USER '${NFVO_DB_USER}'; +GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION; +FLUSH PRIVILEGES; +EOF -policy status +echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1 diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh index c4048002cf..7b88055078 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # # ============LICENSE_START========================================== # =================================================================== @@ -20,9 +21,17 @@ # ECOMP and OpenECOMP are trademarks # and service marks of AT&T Intellectual Property. # +*/}} echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1 +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +DB_PASSWORD=`prepare_password $DB_PASSWORD` + mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 DROP USER IF EXISTS '${DB_USER}'; CREATE USER '${DB_USER}'; @@ -30,6 +39,7 @@ GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}'; GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%'; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh index e9d7c6fefa..5296748c50 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh @@ -1,4 +1,5 @@ #!/bin/sh +{{/* # # ============LICENSE_START========================================== # =================================================================== @@ -20,9 +21,17 @@ # ECOMP and OpenECOMP are trademarks # and service marks of AT&T Intellectual Property. # +*/}} echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1 +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD` + mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 DROP USER IF EXISTS '${DB_ADMIN}'; CREATE USER '${DB_ADMIN}'; @@ -30,6 +39,7 @@ GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}'; GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql index 41377fb9eb..41377fb9eb 100644 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql index 35cb979781..35cb979781 100644 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql diff --git a/kubernetes/so/charts/so-mariadb/templates/configmap.yaml b/kubernetes/so/components/so-mariadb/templates/configmap.yaml index 842e562fd7..98fc2796f3 100644 --- a/kubernetes/so/charts/so-mariadb/templates/configmap.yaml +++ b/kubernetes/so/components/so-mariadb/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 © Samsung Electronics Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml index ec589ea33e..0eeba7b61a 100644 --- a/kubernetes/so/charts/so-mariadb/templates/job.yaml +++ b/kubernetes/so/components/so-mariadb/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.global.migration.enabled }} apiVersion: batch/v1 kind: Job @@ -37,7 +39,7 @@ spec: spec: containers: - name: {{ include "common.fullname" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST @@ -51,7 +53,7 @@ spec: command: - /bin/bash - -c - - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql + - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql volumeMounts: - mountPath: /etc/localtime name: localtime @@ -93,24 +95,10 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - name: {{ include "common.name" . }}-config + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -125,15 +113,9 @@ spec: {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} - name: DB_USER @@ -156,6 +138,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }} - name: CATALOG_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }} + - name: NFVO_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }} + - name: NFVO_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/so/charts/so-mariadb/templates/pv.yaml b/kubernetes/so/components/so-mariadb/templates/pv.yaml index 7d81805cda..7d81805cda 100644 --- a/kubernetes/so/charts/so-mariadb/templates/pv.yaml +++ b/kubernetes/so/components/so-mariadb/templates/pv.yaml diff --git a/kubernetes/so/charts/so-mariadb/templates/pvc.yaml b/kubernetes/so/components/so-mariadb/templates/pvc.yaml index ad10f18f16..ad10f18f16 100644 --- a/kubernetes/so/charts/so-mariadb/templates/pvc.yaml +++ b/kubernetes/so/components/so-mariadb/templates/pvc.yaml diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/components/so-mariadb/templates/secrets.yaml index 7c7d4f9fe5..53d72faf39 100644 --- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml +++ b/kubernetes/so/components/so-mariadb/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml index 5e7b2fef76..2dfd5b831f 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -21,9 +21,22 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - ubuntuInitRepository: registry.hub.docker.com + readinessImage: onap/oom/readiness:3.0.1 + ubuntuInitRepository: docker.io + mariadbGalera: + nameOverride: &mariadbName mariadb-galera + serviceName: mariadb-galera + servicePort: "3306" + migration: + enabled: false + dbHost: mariadb-galera + dbPort: 3306 + dbUser: root + dbPassword: secretpassword + +readinessCheck: + wait_for: + - *mariadbName ################################################################# # Secrets metaconfig @@ -71,8 +84,11 @@ secrets: externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}' login: '{{ .Values.db.catalog.userName }}' password: '{{ .Values.db.catalog.password }}' - - + - uid: nfvo-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.nfvo.userName }}' + password: '{{ .Values.db.nfvo.password }}' ################################################################# # Application configuration defaults. @@ -108,6 +124,9 @@ db: userName: cataloguser password: catalog123 # dbCredsExternalSecret: some secret + nfvo: + userName: nfvouser + # dbCredsExternalSecret: some secret # application configuration config: diff --git a/kubernetes/so/charts/so-monitoring/Chart.yaml b/kubernetes/so/components/so-monitoring/Chart.yaml index ede67ab54f..ede67ab54f 100644 --- a/kubernetes/so/charts/so-monitoring/Chart.yaml +++ b/kubernetes/so/components/so-monitoring/Chart.yaml diff --git a/kubernetes/so/components/so-monitoring/requirements.yaml b/kubernetes/so/components/so-monitoring/requirements.yaml new file mode 100755 index 0000000000..b9be601082 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..cf54fa43f8 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml @@ -0,0 +1,35 @@ +server: + port: {{ index .Values.containerPort }} + {{- if .Values.global.aafEnabled }} + ssl: + keyStore: ${KEYSTORE} + keyStorePassword: ${KEYSTORE_PASSWORD} + trustStore: ${TRUSTSTORE} + trustStorePassword: ${TRUSTSTORE_PASSWORD} + {{- end }} + tomcat: + max-threads: 50 + {{- if not .Values.global.aafEnabled }} +ssl-enable: false + {{- end }} +camunda: + rest: + api: + url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/ + engine: default + auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA== +mso: + database: + rest: + api: + url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/ + auth: Basic YnBlbDpwYXNzd29yZDEk +spring: + main: + allow-bean-definition-overriding: true + security: + usercredentials: + - + username: ${SO_MONITORING_USERNAME} + password: ${SO_MONITORING_PASSWORD} + role: GUI-Client diff --git a/kubernetes/so/charts/so-monitoring/templates/configmap.yaml b/kubernetes/so/components/so-monitoring/templates/configmap.yaml index a6d8b469f8..fb52e598ca 100644 --- a/kubernetes/so/charts/so-monitoring/templates/configmap.yaml +++ b/kubernetes/so/components/so-monitoring/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # ================================================================================ @@ -16,6 +17,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # @author: gareth.roper@ericsson.com +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml index 82ca53dcf8..dc80d426fc 100644 --- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml @@ -1,5 +1,7 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # @author: gareth.roper@ericsson.com +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -44,7 +47,7 @@ spec: spec: initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - name: so-chown - image: alpine:3.6 + image: {{ include "repositoryGenerator.image.busybox" . }} volumeMounts: - name: logs mountPath: /app/logs @@ -53,20 +56,28 @@ spec: restartPolicy: Always containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + command: + - /bin/sh + args: + - -c + - | + export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0) + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE=file://$cadi_keystore + export KEYSTORE_PASSWORD=$cadi_keystore_password_p12 + export TRUSTSTORE=file://$cadi_truststore + export TRUSTSTORE_PASSWORD=$cadi_truststore_password + {{- end }} + /app/start-app.sh env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -75,11 +86,16 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: SO_MONITORING_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }} + - name: SO_MON_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }} + envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config diff --git a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml b/kubernetes/so/components/so-monitoring/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml +++ b/kubernetes/so/components/so-monitoring/templates/ingress.yaml diff --git a/kubernetes/so/components/so-monitoring/templates/secret.yaml b/kubernetes/so/components/so-monitoring/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-monitoring/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-monitoring/templates/service.yaml b/kubernetes/so/components/so-monitoring/templates/service.yaml index c4c2ae9d13..c4439784ca 100644 --- a/kubernetes/so/charts/so-monitoring/templates/service.yaml +++ b/kubernetes/so/components/so-monitoring/templates/service.yaml @@ -1,5 +1,7 @@ +{{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= # @author: gareth.roper@ericsson.com +*/}} apiVersion: v1 kind: Service metadata: @@ -27,9 +30,13 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + {{if .Values.global.aafEnabled -}} type: {{ .Values.service.type }} + {{- else -}} + type: ClusterIP + {{- end }} ports: - {{if eq .Values.service.type "NodePort" -}} + {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml index 27fba13521..31ad9d072c 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/components/so-monitoring/values.yaml @@ -1,5 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Copyright (C) 2020 Huawei +# Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,10 +25,21 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + aafEnabled: true persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: true + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' ################################################################# # Secrets metaconfig @@ -44,10 +57,11 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' + - uid: app-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}' + login: '{{ .Values.server.monitoring.username }}' + password: '{{ .Values.server.monitoring.password }}' #secretsFilePaths: | # - 'my file 1' @@ -57,7 +71,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.6.4 +image: onap/so/so-monitoring:1.7.7 pullPolicy: Always db: @@ -70,15 +84,34 @@ db: replicaCount: 1 minReadySeconds: 10 -containerPort: 9091 +containerPort: &containerPort 9091 logPath: app/logs/ app: so-monitoring + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-monitoring-cert-init + certInitializer: + nameOverride: so-monitoring-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.monitoringPerm + containerPort: *containerPort + +server: + monitoring: + username: demo + # password: demo123456! + # soMonitoringCredsExternalSecret: some secret + service: #Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis... - type: ClusterIP + type: NodePort nodePort: 24 - internalPort: 9091 - externalPort: 9091 + internalPort: *containerPort + externalPort: *containerPort portName: so-monitor-port updateStrategy: type: RollingUpdate diff --git a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml index b3311d1c8c..b3311d1c8c 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml index 10741b75e7..eaa26637e6 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} endpoint: https://aai.{{ include "common.namespace" . }}:8443 logging: path: logs @@ -50,7 +52,7 @@ mso: adapters: requestDb: endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: endpoints: diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml index 85d00fddf3..03a3df4163 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,13 +12,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index 8d1eaf8ea4..75d831eba6 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -27,42 +29,34 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} command: - sh args: - -c - - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh - image: {{ include "common.repository" . }}/{{ .Values.image }} + - | + export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + {{- end }} + ./start-app.sh + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} ports: {{- include "common.containerPorts" . | nindent 12 }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} - name: DB_PASSWORD @@ -71,13 +65,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - name: BPEL_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }} - name: BPEL_PASSWORD_INPUT @@ -86,28 +73,17 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - name: ACTUATOR_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | nindent 12 }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-env imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readOnly: true livenessProbe: httpGet: path: {{ index .Values.livenessProbe.path}} @@ -124,8 +100,5 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml index a39363ffdd..cc40499c76 100644 --- a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml index cf08482ad2..665601d832 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 43d757ea38..b5cfe4eb41 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -17,11 +17,22 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config + ################################################################# # Secrets metaconfig @@ -41,10 +52,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: server-bpel-creds name: '{{ include "common.release" . }}-so-server-bpel-creds' type: basicAuth @@ -60,7 +67,6 @@ secrets: password: '{{ .Values.server.actuator.password }}' passwordPolicy: required - #secretsFilePaths: | # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' @@ -68,8 +74,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/nssmf-adapter:1.6.4 +image: onap/so/nssmf-adapter:1.7.10 pullPolicy: Always db: @@ -86,21 +91,37 @@ server: bpel: username: bpel password: password1$ +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk replicaCount: 1 minReadySeconds: 10 -containerPort: 8088 +containerPort: &containerPort 8088 logPath: ./logs/nssmf/ app: nssmf-adapter service: type: ClusterIP ports: - name: api - port: 8088 + port: *containerPort updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +soHelpers: + nameOverride: so-nssmf-cert-init + certInitializer: + nameOverride: so-nssmf-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.nssmfAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/components/so-oof-adapter/Chart.yaml b/kubernetes/so/components/so-oof-adapter/Chart.yaml new file mode 100755 index 0000000000..cce161a8cd --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-oof-adapter +version: 6.0.0 diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml new file mode 100644 index 0000000000..3398a2d39d --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..9aafd4f322 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,58 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +logging: + path: logs +spring: + security: + usercredentials: + - username: ${BPEL_USERNAME} + password: ${BPEL_PASSWORD} + role: BPEL-Client + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + +mso: + site-name: localSite + logPath: ./logs/oof + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 + msoKey: ${MSO_KEY} + camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081 + camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}} + workflow: + message: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + oof: + auth: ${OOF_LOGIN}:${OOF_PASSWORD} + endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..da5fda9c42 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..62ebfff99f --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml @@ -0,0 +1,103 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: +{{ include "common.resources" . | indent 10 }} + env: + - name: DB_HOST + value: {{ include "common.mariadbService" . }} + - name: DB_PORT + value: {{ include "common.mariadbPort" . | quote }} + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: MSO_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }} + - name: OOF_LOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }} + - name: OOF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-oof-adapter/templates/secret.yaml b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml new file mode 100644 index 0000000000..31e0ab6a16 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-oof-adapter/templates/service.yaml b/kubernetes/so/components/so-oof-adapter/templates/service.yaml new file mode 100755 index 0000000000..a4df54737c --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/service.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index cf86817ff8..13a0f0f05e 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T USA +# Copyright © 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,21 +11,34 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + ################################################################# # Global configuration defaults. ################################################################# global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' -################################################################# # Secrets metaconfig ################################################################# +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret secrets: - uid: db-user-creds type: basicAuth @@ -39,10 +52,17 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-adapter-mso-key + type: password + externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' + password: '{{ .Values.mso.msoKey }}' + - uid: oof-auth + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}' + login: '{{ .Values.mso.oof.login }}' + password: '{{ .Values.mso.oof.password }}' + passwordPolicy: required + #secretsFilePaths: | # - 'my file 1' @@ -51,32 +71,41 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.6.4 +image: onap/so/so-oof-adapter:1.7.4 pullPolicy: Always -repository: nexus3.onap.org:10001 -db: - userName: so_user - userPassword: so_User123 - # userCredsExternalSecret: some secret - adminName: so_admin - adminPassword: so_Admin123 - # adminCredsExternalSecret: some secret +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + oof: + login: test + password: testpwd replicaCount: 1 +containerPort: &containerPort 8090 minReadySeconds: 10 -containerPort: 8087 -logPath: ./logs/openstack/ -app: openstack-adapter +containerPort: *containerPort +logPath: ./logs/oof/ +app: so-oof-adapter service: type: ClusterIP - internalPort: 8087 - externalPort: 8087 - portName: so-optack-port + ports: + - name: api + port: *containerPort updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + + +soHelpers: + nameOverride: so-oof-adapter-cert-init + certInitializer: + nameOverride: so-oof-adapter-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.oofadapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) @@ -98,7 +127,7 @@ resources: unlimited: {} livenessProbe: path: /manage/health - port: 8087 + port: *containerPort scheme: HTTP initialDelaySeconds: 600 periodSeconds: 60 @@ -107,13 +136,6 @@ livenessProbe: failureThreshold: 3 ingress: enabled: false -config: - openStackUserName: "vnf_user" - openStackRegion: "RegionOne" - openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0" - openStackServiceTenantName: "service" - openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" - openStackTenantId: "d570c718cbc545029f40e50b75eb13df" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/charts/so-openstack-adapter/Chart.yaml b/kubernetes/so/components/so-openstack-adapter/Chart.yaml index cf257d3239..cf257d3239 100755 --- a/kubernetes/so/charts/so-openstack-adapter/Chart.yaml +++ b/kubernetes/so/components/so-openstack-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index dde3b3ee63..15f08bccc6 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} endpoint: https://aai.{{ include "common.namespace" . }}:8443 server: port: {{ index .Values.containerPort }} @@ -58,7 +60,7 @@ org: default_keystone_url_version: /v2.0 default_keystone_reg_ex: "/[vV][0-9]" vnf: - bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} checkRequiredParameters: true addGetFilesOnVolumeReq: false sockettimeout: 30 @@ -69,7 +71,7 @@ org: valet_enabled: false fail_requests_on_valet_failure: false network: - bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} sockettimeout: 5 connecttimeout: 5 retrycount: 5 @@ -99,8 +101,8 @@ mso: adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag msb-port: 443 @@ -110,7 +112,7 @@ mso: msoKey: {{ .Values.mso.msoKey }} config: {{ if eq .Values.global.security.aaf.enabled true }} - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} {{- else }} cadi: aafId: {{ .Values.mso.basicUser }} @@ -120,7 +122,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} site-name: localDevEnv async: core-pool-size: 50 diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml index 104daae051..050aab9732 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index bac21cf10b..3fee225c03 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,37 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -76,27 +72,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,14 +85,14 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml index 6711c3b2e7..6eb6f27e26 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml new file mode 100755 index 0000000000..392f8472d4 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -0,0 +1,154 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/openstack-adapter:1.7.10 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +aaf: + auth: + encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F +org: + onap: + so: + adapters: + bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + basicUser: poBpmn + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + db: + auth: Basic YnBlbDpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8087 +logPath: ./logs/openstack/ +app: openstack-adapter +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-optack-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-openstack-cert-init + certInitializer: + nameOverride: so-openstack-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8087 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +config: + openStackUserName: "vnf_user" + openStackRegion: "RegionOne" + openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0" + openStackServiceTenantName: "service" + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + openStackTenantId: "d570c718cbc545029f40e50b75eb13df" +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/charts/so-request-db-adapter/Chart.yaml b/kubernetes/so/components/so-request-db-adapter/Chart.yaml index 499a8950e6..499a8950e6 100755 --- a/kubernetes/so/charts/so-request-db-adapter/Chart.yaml +++ b/kubernetes/so/components/so-request-db-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml index 8dde3b7f99..9b70ddcb5d 100755 --- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # will be used as entry in DB to say SITE OFF/ON for healthcheck +*/}} server: port: {{ index .Values.containerPort }} tomcat: @@ -21,10 +23,10 @@ mso: logPath: logs site-name: localSite config: - cadi: {{- include "cadi.keys" . | nindent 8}} + cadi: {{- include "so.cadi.keys" . | nindent 8}} adapters: requestDb: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: datasource: diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml index b57205223e..6331656fce 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index 8d2e9738c1..75e6b1ee62 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,37 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -76,33 +72,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml index 6711c3b2e7..6eb6f27e26 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index 107b7cde0c..208cf64b6f 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,11 +17,21 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -39,10 +49,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -51,8 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.6.4 +image: onap/so/request-db-adapter:1.7.10 pullPolicy: Always db: @@ -63,20 +68,38 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8083 +containerPort: &containerPort 8083 logPath: ./logs/reqdb/ app: request-db-adapter service: type: ClusterIP - internalPort: 8083 - externalPort: 8083 + internalPort: *containerPort + externalPort: *containerPort portName: so-reqdb-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-requestdb-cert-init + certInitializer: + nameOverride: so-requestdb-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.requestDbAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-sdc-controller/Chart.yaml b/kubernetes/so/components/so-sdc-controller/Chart.yaml index 6151e1beae..6151e1beae 100755 --- a/kubernetes/so/charts/so-sdc-controller/Chart.yaml +++ b/kubernetes/so/components/so-sdc-controller/Chart.yaml diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml index 8d02cc1f5c..b20e33a140 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} aai: auth: {{.Values.aai.auth}} server: @@ -47,19 +49,19 @@ mso: msoKey: {{ index .Values.mso.msoKey }} logPath: ./logs/sdc config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} site-name: onapheat camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 asdc-connections: diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml index 104daae051..050aab9732 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index bac21cf10b..3fee225c03 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,37 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -76,27 +72,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,14 +85,14 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/so/components/so-sdc-controller/templates/secret.yaml b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml new file mode 100755 index 0000000000..6eb6f27e26 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/service.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index a477678c1b..6dd662e9b2 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,11 +17,21 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -39,10 +49,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -51,8 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.6.4 +image: onap/so/sdc-controller:1.7.10 pullPolicy: Always db: @@ -63,20 +68,46 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + asdc: + config: + key: 566B754875657232314F5548556D3665 + asdc-connections: + asdc-controller1: + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + replicaCount: 1 minReadySeconds: 10 -containerPort: 8085 +containerPort: &containerPort 8085 logPath: ./logs/sdc/ app: sdc-controller service: type: ClusterIP - internalPort: 8085 - externalPort: 8085 + internalPort: *containerPort + externalPort: *containerPort portName: so-sdc-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-sdc-cert-init + certInitializer: + nameOverride: so-sdc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.sdcControllerPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-sdnc-adapter/Chart.yaml b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml index 1ab7a2b0b4..1ab7a2b0b4 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/Chart.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml new file mode 100755 index 0000000000..d25c12c663 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml index d363122a33..3c6e0ab305 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server: port: {{ index .Values.containerPort }} mso: @@ -20,13 +22,13 @@ mso: queue-capacity: 500 logPath: ./logs/sdnc config: - cadi: {{ include "cadi.keys" . | nindent 14}} + cadi: {{ include "so.cadi.keys" . | nindent 14}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} site-name: onapheat org: onap: @@ -102,7 +104,7 @@ org: changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf - bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService opticalservice: optical-service-create: @@ -146,7 +148,7 @@ org: myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} + sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:' diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml index 21544798cf..050aab9732 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -45,4 +47,4 @@ metadata: name: {{ include "common.fullname" . }}-log namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index d4bd389296..6f9d7f7b16 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -40,20 +42,26 @@ spec: initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -62,27 +70,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -90,14 +83,14 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml new file mode 100755 index 0000000000..6eb6f27e26 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index c4c0b3c300..be58ae6154 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,14 +17,20 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' ################################################################# # Secrets metaconfig @@ -42,10 +48,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -54,10 +56,23 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.6.4 +image: onap/so/sdnc-adapter:1.7.10 pullPolicy: Always +org: + onap: + so: + adapters: + sdnc: + bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + network: + encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + db: userName: so_user userPassword: so_User123 @@ -68,18 +83,32 @@ db: replicaCount: 1 minReadySeconds: 10 -containerPort: 8086 +containerPort: &containerPort 8086 logPath: ./logs/sdnc/ app: sdnc-adapter service: type: ClusterIP - internalPort: 8086 - externalPort: 8086 + internalPort: *containerPort + externalPort: *containerPort portName: so-sdnc-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-sdnc-cert-init + certInitializer: + nameOverride: so-sdnc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.sdncAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml index b78051ff14..b78051ff14 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index 88d805d81e..f46219c6c9 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung# Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} server: - port: {{ (index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml index e940811883..d53c816374 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml index 380b52fda0..ac4f574bec 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,43 +12,29 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} + replicas: {{ .Values.replicaCount }} template: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - aai - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap - image: {{ include "common.repository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} - name: logs mountPath: /app/logs - name: config @@ -55,11 +42,11 @@ spec: readOnly: true livenessProbe: tcpSocket: - port: {{ index .Values.livenessProbe.port }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + port: {{ .Values.livenessProbe.port }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ .Values.livenessProbe.periodSeconds}} + successThreshold: {{ .Values.livenessProbe.successThreshold}} + failureThreshold: {{ .Values.livenessProbe.failureThreshold}} ports: {{- include "common.containerPorts" . | nindent 10 }} volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - name: logs diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml index f3ef1138b8..725967e1c8 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml index 65e11b41c8..83ec78d857 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -15,24 +15,13 @@ # Global configuration defaults. ################################################################# global: - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' +readinessCheck: + wait_for: + - aai + - message-router ################################################################# # Application configuration defaults. @@ -51,13 +40,23 @@ service: "version": "v1", "url": "/", "protocol": "REST", - "port": "{{ (index .Values.service.ports 0).port }}", + "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", "visualRange": "1" } ]{{ end }} ports: - name: http port: 9098 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vevnfm-cert-init + certInitializer: + nameOverride: so-vevnfm-cert-init + credsPath: /opt/app/osaaf/local + flavor: small resources: small: diff --git a/kubernetes/so/charts/so-vfc-adapter/Chart.yaml b/kubernetes/so/components/so-vfc-adapter/Chart.yaml index 2ce175d9c1..2ce175d9c1 100755 --- a/kubernetes/so/charts/so-vfc-adapter/Chart.yaml +++ b/kubernetes/so/components/so-vfc-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/requirements.yaml b/kubernetes/so/components/so-vfc-adapter/requirements.yaml new file mode 100755 index 0000000000..82296bee1d --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/requirements.yaml @@ -0,0 +1,29 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml index dec34485bc..db5caf45fc 100755 --- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} logging: path: logs spring: @@ -38,13 +40,13 @@ mso: site-name: localSite logPath: ./logs/vfc config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag msb-port: 80 adapters: requestDb: endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: security: diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml index b57205223e..6331656fce 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml index b817dcf1e9..7c10e7f8ed 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -24,50 +26,44 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} + replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} strategy: - type: {{ index .Values.updateStrategy.type }} + type: {{ .Values.updateStrategy.type }} rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} template: metadata: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -76,27 +72,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,16 +85,16 @@ spec: readOnly: true livenessProbe: httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + path: {{- .Values.livenessProbe.path|indent 2}} + port: {{ .Values.containerPort }} + scheme: {{- .Values.livenessProbe.scheme| indent 2}} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ .Values.livenessProbe.successThreshold}} + failureThreshold: {{ .Values.livenessProbe.failureThreshold}} ports: - - containerPort: {{ index .Values.containerPort }} + - containerPort: {{ .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP volumes: {{ include "so.certificate.volumes" . | nindent 6 }} diff --git a/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-vfc-adapter/templates/service.yaml b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml new file mode 100755 index 0000000000..2ecc66f233 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }}
\ No newline at end of file diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml index 85aeef9b5c..698cbf4b63 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/components/so-vfc-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,11 +17,21 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -39,10 +49,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -51,8 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.6.4 +image: onap/so/vfc-adapter:1.7.10 pullPolicy: Always db: @@ -63,20 +68,39 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8084 +containerPort: &containerPort 8084 logPath: ./logs/vfc/ app: vfc-adapter service: type: ClusterIP - internalPort: 8084 - externalPort: 8084 + internalPort: *containerPort + externalPort: *containerPort portName: so-vfc-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vfc-cert-init + certInitializer: + nameOverride: so-vfc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.vfcAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml index 3ef796acd7..3ef796acd7 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/Chart.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml new file mode 100755 index 0000000000..d25c12c663 --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml @@ -0,0 +1,26 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml index 4128bc36ee..d780a76876 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} version: v15 endpoint: https://aai.{{ include "common.namespace" . }}:8443 spring: @@ -27,30 +29,22 @@ spring: server: port: {{ index .Values.containerPort }} ssl: - key-alias: so@so.onap.org - key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' - key-store: classpath:so-vnfm-adapter.p12 - key-store-type: PKCS12 -http: - client: - ssl: - trust-store: classpath:org.onap.so.trust.jks - trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' + enabled: false mso: key: {{ .Values.mso.key }} site-name: localSite logPath: ./logs/vnfm-adapter config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag msb-port: 80 sdc: - username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} - password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} + username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} + password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} key: {{ .Values.sdc.key }} endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 vnfmadapter: - endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 + endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} @@ -58,7 +52,7 @@ etsi-catalog-manager: http: client: ssl: - trust-store: ${TRUSTSTORE} + trust-store: file:${TRUSTSTORE} trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml index b57205223e..6331656fce 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml index 2dbfa4ea4a..8abd9a9796 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -24,13 +26,13 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} + replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} strategy: - type: {{ index .Values.updateStrategy.type }} + type: {{ .Values.updateStrategy.type }} rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} template: metadata: labels: @@ -40,48 +42,41 @@ spec: initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} - env: - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - {{ if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12" + /app/start-app.sh {{- end }} + env: + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readonly: true livenessProbe: tcpSocket: - port: {{ index .Values.livenessProbe.port }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + port: {{ .Values.livenessProbe.port }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ .Values.livenessProbe.periodSeconds}} + successThreshold: {{ .Values.livenessProbe.successThreshold}} + failureThreshold: {{ .Values.livenessProbe.failureThreshold}} ports: - - containerPort: {{ index .Values.containerPort }} + - containerPort: {{ .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP volumes: {{ include "so.certificate.volumes" . | nindent 6 }} @@ -90,8 +85,5 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml index b445f7553b..5772a89a97 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/components/so-vnfm-adapter/values.yaml index 0454892119..6aebf31932 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2019 Nordix Foundation -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,48 +16,62 @@ ################################################################# global: nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' - + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Application configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.6.4 +image: onap/so/vnfm-adapter:1.7.10 pullPolicy: Always +aaf: + auth: + username: so@so.onap.org + password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +sdc: + username: mso + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + key: 566B754875657232314F5548556D3665 + replicaCount: 1 minReadySeconds: 10 -containerPort: 9092 +containerPort: &containerPort 9092 logPath: ./logs/vnfm-adapter/ app: vnfm-adapter service: type: NodePort - internalPort: 9092 - externalPort: 9092 + internalPort: *containerPort + externalPort: *containerPort nodePort: "06" portName: so-vnfm-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vnfm-cert-init + certInitializer: + nameOverride: so-vnfm-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.vnfmAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-secrets/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml index d96245d752..a91111a33a 100644..100755 --- a/kubernetes/so/charts/so-secrets/Chart.yaml +++ b/kubernetes/so/components/soHelpers/Chart.yaml @@ -12,6 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 -description: A Helm chart for so secrets -name: so-secrets +description: A Helm chart for SO helpers +name: soHelpers version: 6.0.0 diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/so/components/soHelpers/requirements.yaml index d95b2e76ae..aa972a525b 100644..100755 --- a/kubernetes/oof/charts/oof-cmso/requirements.yaml +++ b/kubernetes/so/components/soHelpers/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T +# Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - dependencies: - name: common version: ~6.x-0 @@ -19,6 +18,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: mariadb-galera + - name: certInitializer version: ~6.x-0 repository: '@local' diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl new file mode 100644 index 0000000000..d16b4f7cf8 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl @@ -0,0 +1,21 @@ +{{- define "so.cadi.keys" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +cadiLoglevel: {{ $initRoot.cadi.logLevel }} +cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }} +cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }} +cadiTruststorePassword: ${TRUSTSTORE_PASSWORD} +cadiLatitude: {{ $initRoot.cadi.latitude }} +cadiLongitude: {{ $initRoot.cadi.longitude }} +aafEnv: {{ $initRoot.cadi.aafEnv }} +aafApiVersion: {{ $initRoot.cadi.aafApiVersion }} +aafRootNs: {{ $initRoot.cadi.aafRootNs }} +aafId: {{ $initRoot.cadi.aafId }} +aafPassword: {{ $initRoot.cadi.aafPassword }} +aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }} +aafUrl: {{ $initRoot.cadi.aafUrl }} +apiEnforcement: {{ $initRoot.cadi.apiEnforcement }} +{{- if ($initRoot.cadi.noAuthn) }} +noAuthn: {{ $initRoot.cadi.noAuthn }} +{{- end }} +{{- end }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl new file mode 100644 index 0000000000..66497e1afa --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -0,0 +1,62 @@ +{{- define "so.certificate.container_importer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.initContainer" $subchartDot }} +{{- if $dot.Values.global.aafEnabled }} +- name: {{ include "common.name" $dot }}-msb-cert-importer + image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + command: + - "/bin/sh" + args: + - "-c" + - | + export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + keytool -import -trustcacerts -alias msb_root -file \ + /certificates/msb-ca.crt -keystore \ + "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -storepass $cadi_truststore_password -noprompt + keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ + -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ + -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -deststorepass $cadi_truststore_password -noprompt + volumeMounts: + {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} + - name: {{ include "common.name" $dot }}-msb-certificate + mountPath: /certificates +{{- end }} +{{- end -}} + +{{- define "so.certificate.volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.volumes" $subchartDot }} +{{- if $dot.Values.global.aafEnabled }} +- name: {{ include "common.name" $dot }}-msb-certificate + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }} +{{- end }} +{{- end -}} + +{{- define "so.certificate.volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.volumeMount" $subchartDot }} +{{- end -}} + +{{- define "so.certificates.env" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{- if $dot.Values.global.aafEnabled }} +- name: TRUSTSTORE + value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }} +{{- if $dot.Values.global.security.aaf.enabled }} +- name: KEYSTORE + value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12 +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl new file mode 100644 index 0000000000..cde94742c6 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl @@ -0,0 +1,20 @@ +{{- define "so.helpers.livenessProbe" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +livenessProbe: + httpGet: + path: {{ $subchartDot.Values.livenessProbe.path }} + port: {{ $subchartDot.Values.containerPort }} + scheme: {{ $subchartDot.Values.livenessProbe.scheme }} + {{- if $subchartDot.Values.global.security.aaf.enabled }} + httpHeaders: + - name: Authorization + value: {{ $subchartDot.Values.global.aaf.auth.header }} + {{- end }} + initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl new file mode 100644 index 0000000000..56910ebebd --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl @@ -0,0 +1,3 @@ +{{- define "so.helpers.profileProperty" -}} + {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml new file mode 100755 index 0000000000..a367272d9a --- /dev/null +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -0,0 +1,98 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + msbEnabled: true + security: + aaf: + enabled: false + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + client: + certs: + truststore: /app/client/org.onap.so.trust.jks + keystore: /app/client/org.onap.so.jks + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI + keyStorePassword: c280b25hcA== + certificates: + path: /etc/ssl/certs + share_path: /usr/local/share/ca-certificates/ + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'so-onap-certs' + name: '{{ include "common.release" . }}-so-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/config/certificates/msb-ca.crt + +################################################################# +# AAF part +################################################################# +certInitializer: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: so + fqi: so@so.onap.org + public_fqdn: so.onap.org + cadi_longitude: '0.0' + cadi_latitude: '0.0' + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + trustStoreAllPass: changeit + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +aafConfig: + permission_user: 1000 + permission_group: 999 + +aaf: + trustore: org.onap.so.trust.jks + keyFile: org.onap.so.keyfile + +################################################################# +# Application configuration defaults. +################################################################# + +livenessProbe: + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +cadi: + logLevel: DEBUG + latitude: 38.4329 + longitude: -90.43248 + aafEnv: IST + aafApiVersion: 2.1 + aafRootNs: org.onap.so + aafLocateUrl: https://aaf-locate.onap:8095 + aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.apihPerm + noAuthn: /manage/health diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index 4f4eac48cb..2b60a69589 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -18,7 +18,76 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: mariadb-galera version: ~6.x-0 repository: '@local' condition: global.mariadbGalera.localCluster + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://components/soHelpers' + - name: so-appc-orchestrator + version: ~6.x-0 + repository: 'file://components/so-appc-orchestrator' + condition: so-appc-orchestrator.enabled + - name: so-bpmn-infra + version: ~6.x-0 + repository: 'file://components/so-bpmn-infra' + - name: so-catalog-db-adapter + version: ~6.x-0 + repository: 'file://components/so-catalog-db-adapter' + condition: so-catalog-db-adapter.enabled + - name: so-cnf-adapter + version: ~6.x-0 + repository: "file://components/so-cnf-adapter" + condition: so-cnf-adapter.enabled + - name: so-etsi-nfvo-ns-lcm + version: ~6.x-0 + repository: 'file://components/so-etsi-nfvo-ns-lcm' + condition: so-etsi-nfvo-ns-lcm.enabled + - name: so-mariadb + version: ~6.x-0 + repository: 'file://components/so-mariadb' + - name: so-monitoring + version: ~6.x-0 + repository: 'file://components/so-monitoring' + condition: so-monitoring.enabled + - name: so-nssmf-adapter + version: ~6.x-0 + repository: 'file://components/so-nssmf-adapter' + condition: so-nssmf-adapter.enabled + - name: so-oof-adapter + version: ~6.x-0 + repository: 'file://components/so-oof-adapter' + condition: so-oof-adapter.enabled + - name: so-openstack-adapter + version: ~6.x-0 + repository: 'file://components/so-openstack-adapter' + condition: so-openstack-adapter.enabled + - name: so-request-db-adapter + version: ~6.x-0 + repository: 'file://components/so-request-db-adapter' + - name: so-sdc-controller + version: ~6.x-0 + repository: 'file://components/so-sdc-controller' + - name: so-sdnc-adapter + version: ~6.x-0 + repository: 'file://components/so-sdnc-adapter' + condition: so-sdnc-adapter.enabled + - name: so-ve-vnfm-adapter + version: ~6.x-0 + repository: 'file://components/so-ve-vnfm-adapter' + condition: so-ve-vnfm-adapter.enabled + - name: so-vfc-adapter + version: ~6.x-0 + repository: 'file://components/so-vfc-adapter' + condition: so-vfc-adapter.enabled + - name: so-vnfm-adapter + version: ~6.x-0 + repository: 'file://components/so-vnfm-adapter' + condition: so-vnfm-adapter.enabled diff --git a/kubernetes/so/resources/config/certificates/onap-ca.crt b/kubernetes/so/resources/config/certificates/onap-ca.crt deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/so/resources/config/certificates/onap-ca.crt +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh index 3280253743..52ba27ddca 100755 --- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh +++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh @@ -1,9 +1,11 @@ #!/bin/sh +{{/* # Copyright 2015 AT&T Intellectual Properties ############################################################################## # Script to initialize the chef-repo branch and.chef # ############################################################################## +*/}} # Copy the certificates echo 'Copying the *.crt provided in /shared folder' cp --verbose /shared/*.crt /usr/local/share/ca-certificates diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 6bd930d7b1..efb3fab558 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -1,28 +1,28 @@ aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} server: port: {{ index .Values.containerPort }} tomcat: max-threads: 50 ssl-enable: false mso: - msoKey: {{ .Values.global.app.msoKey }} + msoKey: {{ .Values.mso.msoKey }} logPath: ./logs/apih site-name: {{ index .Values.global.app.siteName }} adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} config: path: /src/main/resources/ - cadi: {{ include "cadi.keys" . | nindent 10}} + cadi: {{ include "so.cadi.keys" . | nindent 10}} infra: default: alacarte: @@ -34,14 +34,14 @@ mso: default: testApi: GR_API camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ - camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}} + camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}} async: core-pool-size: 50 max-pool-size: 50 queue-capacity: 500 sdc: client: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}} activate: instanceid: test userid: cs0008 @@ -52,7 +52,7 @@ mso: count: 3 aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} extApi: endpoint: http://nbi.onap:8080/nbi/api/v3 @@ -62,11 +62,11 @@ mso: username: testuser password: VjR5NDcxSzA= host: http://dmaap-bc.{{ include "common.namespace" . }}:8080 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}} publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent health: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}} endpoints: - subsystem: apih uri: http://so-bpmn-infra:8081 @@ -124,4 +124,4 @@ org: cloud-owner: CloudOwner adapters: network: - encryptionKey: {{ .Values.global.app.msoKey }} + encryptionKey: {{ .Values.mso.msoKey }} diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl deleted file mode 100644 index 426facc4b1..0000000000 --- a/kubernetes/so/templates/_cadiValues.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{- define "cadi.keys" -}} -cadiLoglevel: DEBUG -cadiKeyFile: /org.onap.so.keyfile -cadiTrustStore: /app/org.onap.so.trust.jks -cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }} -cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }} -cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }} -aafEnv: {{ .Values.global.app.cadi.aafEnv }} -aafApiVersion: 2.0 -aafRootNs: {{ .Values.global.app.cadi.aafRootNs }} -aafId: {{ .Values.mso.config.cadi.aafId }} -aafPassword: {{ .Values.mso.config.cadi.aafPassword }} -aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }} -aafUrl: {{ .Values.global.app.cadi.aafUrl }} -apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }} -{{- if (.Values.global.app.cadi.noAuthn) }} -noAuthn: {{ .Values.mso.config.cadi.noAuthn }} -{{- end }} -{{- end }} diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl deleted file mode 100644 index 8bd25d27a1..0000000000 --- a/kubernetes/so/templates/_certificates.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{- define "so.certificate.container_importer" -}} -- name: {{ include "common.name" . }}-certs-importer - image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - "/bin/sh" - args: - - "-c" - - "update-ca-certificates --fresh && \ - cp -r {{ .Values.global.certificates.path }}/* /certificates" - volumeMounts: - - name: {{ include "common.name" . }}-certificates - mountPath: /certificates - - name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volume-mounts" -}} -- name: {{ include "common.name" . }}-certificates - mountPath: {{ .Values.global.certificates.path }} -- name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volumes" -}} -- name: {{ include "common.name" . }}-certificates - emptyDir: - medium: Memory -- name: {{ include "common.name" . }}-onap-certificates - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }} -{{- end -}} diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl deleted file mode 100644 index 4181beb1f8..0000000000 --- a/kubernetes/so/templates/_livenessProbe.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{- define "helpers.livenessProbe" -}} -livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - {{- if eq .Values.global.security.aaf.enabled true }} - httpHeaders: - - name: Authorization - value: {{ index .Values.global.aaf.auth.header }} - {{- end }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} -{{- end -}} diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl deleted file mode 100644 index 113bc343d0..0000000000 --- a/kubernetes/so/templates/_profileProperty.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "helpers.profileProperty" -}} - {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }} -{{- end -}} diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index 6aa4b5f4f0..74daf41b7f 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 32f46c23ba..3fee225c03 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,38 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -77,27 +72,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -105,14 +85,14 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml index bdcecddfa3..5aa3ea3855 100644 --- a/kubernetes/so/templates/secret.yaml +++ b/kubernetes/so/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # Modifications Copyright © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/templates/service.yaml b/kubernetes/so/templates/service.yaml index 336b9f7028..2849edecc7 100755 --- a/kubernetes/so/templates/service.yaml +++ b/kubernetes/so/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index bc7ff5cb92..358b104367 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -17,16 +17,13 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - soBaseImage: onap/so/base-image:1.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera - servicePort: "3306" + servicePort: '3306' + service: mariadb-galera + internalPort: '3306' # mariadbRootPassword: secretpassword # rootPasswordExternalSecret: some secret #This flag allows SO to instantiate its own mariadb-galera cluster, @@ -58,19 +55,7 @@ global: siteName: onapheat auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap - cadi: - cadiLoglevel: DEBUG - cadiKeyFile: /app/client/org.onap.so.keyfile - cadiTrustStore: /app/client/org.onap.so.trust.jks - cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC - cadiLatitude: 38.4329 - cadiLongitude: -90.43248 - aafEnv: IST - aafApiVersion: 2.1 - aafRootNs: org.onap.so - aafLocateUrl: https://aaf-locate.onap:8095 - aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + client: certs: truststore: /app/client/org.onap.so.trust.jks @@ -81,6 +66,10 @@ global: path: /etc/ssl/certs share_path: /usr/local/share/ca-certificates/ +readinessCheck: + wait_for: + - so-mariadb-config + ################################################################# # Secrets metaconfig ################################################################# @@ -99,7 +88,7 @@ secrets: passwordPolicy: required annotations: helm.sh/hook: pre-upgrade,pre-install - helm.sh/hook-weight: "0" + helm.sh/hook-weight: '0' helm.sh/hook-delete-policy: before-hook-creation - uid: db-user-creds name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds' @@ -115,13 +104,57 @@ secrets: login: '{{ .Values.dbCreds.adminName }}' password: '{{ .Values.dbCreds.adminPassword }}' passwordPolicy: generate - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: &so-certs '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: - - resources/config/certificates/onap-ca.crt - resources/config/certificates/msb-ca.crt + - uid: 'mso-key' + name: &mso-key '{{ include "common.release" . }}-mso-key' + type: password + password: '{{ .Values.mso.msoKey }}' + - uid: mso-oof-auth + name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth' + type: basicAuth + login: '{{ .Values.mso.oof.login }}' + password: '{{ .Values.mso.oof.password }}' + passwordPolicy: required + - uid: server-actuator-creds + name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + - uid: server-bpel-creds + name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}' + login: '{{ .Values.server.bpel.username }}' + password: '{{ .Values.server.bpel.password }}' + passwordPolicy: required + - uid: so-aaf-creds + name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' + login: '{{ .Values.server.aaf.username }}' + password: '{{ .Values.server.aaf.password }}' + passwordPolicy: required + - uid: so-aai-creds + name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' + login: '{{ .Values.server.aai.username }}' + password: '{{ .Values.server.aai.password }}' + passwordPolicy: required + +aafConfig: + permission_user: 1000 + permission_group: 999 + +aaf: + trustore: org.onap.so.trust.jks ################################################################# # Application configuration defaults. @@ -136,24 +169,54 @@ dbCreds: userName: so_user adminName: so_admin -repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.6.4 +image: onap/so/api-handler-infra:1.7.10 + +server: + aaf: + username: so@so.onap.org + password: demo123456 + # aafCredsExternalSecret: some secret + aai: + username: aai@aai.onap.org + password: demo123456! + # aaiCredsExternalSecret: some secret + actuator: + username: mso_admin + password: password1$ + # actuatorCredsExternalSecret: some secret + bpel: + username: bpel + password: password1$ + # bpelCredsExternalSecret: some secret + pullPolicy: Always replicaCount: 1 minReadySeconds: 10 -containerPort: 8080 +containerPort: &containerPort 8080 logPath: ./logs/apih/ app: api-handler-infra service: - type: NodePort - nodePort: 77 - internalPort: 8080 - externalPort: 8080 - portName: so-apih-port + type: NodePort + nodePort: 77 + internalPort: *containerPort + externalPort: *containerPort + portName: so-apih-port updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-apih-cert-init + certInitializer: + nameOverride: so-apih-cert-init + credsPath: /opt/app/osaaf/local + certSecret: *so-certs + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) @@ -175,14 +238,6 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} -livenessProbe: - path: /manage/health - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 nodeSelector: {} affinity: {} @@ -211,28 +266,26 @@ mariadb-galera: ingress: enabled: false service: - - baseaddr: "so.api" - name: "so" + - baseaddr: 'so.api' + name: 'so' port: 8080 config: - ssl: "none" + ssl: 'none' mso: adapters: requestDb: auth: Basic YnBlbDpwYXNzd29yZDEk - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.apihPerm - noAuthn: /manage/health camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 sdc: client: auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24 aai: auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F + oof: + login: test + password: testpwd so: operationalEnv: dmaap: @@ -240,252 +293,95 @@ mso: health: auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= +so-appc-orchestrator: + enabled: false + server: + actuatorCredsExternalSecret: *actuator-secrets + db: + <<: *dbSecrets + so-bpmn-infra: - certSecret: *so-certs db: <<: *dbSecrets - cds: - auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== - aai: - auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - db: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF - password: wLg4sjrAFUS8rfVfdvTXeQ== - po: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF - config: - cadi: - aafId: so@so.onap.org - aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.bpmnPerm - noAuthn: /manage/health - sdnc: - password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F - sniro: - auth: test:testpwd - endpoint: http://replaceme:28090/optimizationInstance/V1/create - oof: - auth: test:testpwd - so: - vnfm: - adapter: - auth: Basic dm5mbTpwYXNzd29yZDEk so-catalog-db-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets + +so-cnf-adapter: + enabled: true + db: + <<: *dbSecrets + server: + aafCredsExternalSecret: *aaf-secrets + aaiCredsExternalSecret: *aai-secrets + actuatorCredsExternalSecret: *actuator-secrets mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.catalogDbAdapterPerm - noAuthn: /manage/health - adapters: - db: - auth: Basic YnBlbDpwYXNzd29yZDEk + msoKeySecret: *mso-key + +so-etsi-nfvo-ns-lcm: + enabled: true + db: + <<: *dbSecrets + +so-mariadb: + db: + rootPasswordExternalSecretLocalDb: *dbRootPassSecretName + rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' + backupCredsExternalSecret: *dbBackupCredsSecretName + userCredsExternalSecret: *dbUserCredsSecretName + adminCredsExternalSecret: *dbAdminCredsSecretName so-monitoring: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets -so-openstack-adapter: - certSecret: *so-certs +so-nssmf-adapter: + enabled: true + server: + actuatorCredsExternalSecret: *actuator-secrets + bpelCredsExternalSecret: *bpel-secrets + db: + <<: *dbSecrets + +so-oof-adapter: + enabled: true db: <<: *dbSecrets - aaf: - auth: - encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - org: - onap: - so: - adapters: - bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E - valet: - basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg== mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 - basicUser: poBpmn - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.openStackAdapterPerm - noAuthn: /manage/health - db: - auth: Basic YnBlbDpwYXNzd29yZDEk + msoKeySecret: *mso-key + camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + oof: + authSecret: *mso-oof-auth + +so-openstack-adapter: + enabled: true + db: + <<: *dbSecrets so-request-db-adapter: - certSecret: *so-certs db: <<: *dbSecrets - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.requestDbAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk so-sdc-controller: - certSecret: *so-certs db: <<: *dbSecrets - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.sdcControllerPerm - noAuthn: /manage/health - asdc: - config: - key: 566B754875657232314F5548556D3665 - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - asdc-connections: - asdc-controller1: - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F so-sdnc-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - org: - onap: - so: - adapters: - sdnc: - bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 - sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 - network: - encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.sdncAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - rest: - aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 so-ve-vnfm-adapter: - certSecret: *so-certs + enabled: false so-vfc-adapter: - certSecret: *so-certs - db: - <<: *dbSecrets - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.vfcAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - -so-nssmf-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - aaf: - auth: - username: so@so.onap.org - password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.nssmfAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk so-vnfm-adapter: - certSecret: *so-certs - aaf: - auth: - username: so@so.onap.org - password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - sdc: - username: mso - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F - key: 566B754875657232314F5548556D3665 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.vnfmAdapterPerm - noAuthn: /manage/health + enabled: true -so-mariadb: - db: - rootPasswordExternalSecretLocalDb: *dbRootPassSecretName - rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' - backupCredsExternalSecret: *dbBackupCredsSecretName - userCredsExternalSecret: *dbUserCredsSecretName - adminCredsExternalSecret: *dbAdminCredsSecretName -so-appc-orchestrator: - certSecret: *so-certs - db: - <<: *dbSecrets - mso: - basicUser: poBpmn - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.openStackAdapterPerm - noAuthn: /manage/health - appc: - client: - topic: - read: - name: APPC-LCM-WRITE - timeout: 360000 - write: APPC-LCM-READ - sdnc: - read: SDNC-LCM-WRITE - write: SDNC-LCM-READ - response: - timeout: 3600000 - key: VIlbtVl6YLhNUrtU - secret: 64AG2hF4pYeG2pq7CT6XwUOT - service: ueb - auth: - rest: - aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= - aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml index 38ab6a7161..ea6f7b7a23 100644 --- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml +++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 ZTE # Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,7 +37,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml index 9c799cffec..157dac396d 100644 --- a/kubernetes/uui/charts/uui-server/templates/service.yaml +++ b/kubernetes/uui/charts/uui-server/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index be34e3e57f..a43ae6eff0 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -17,7 +17,7 @@ # Declare variables to be passed into your templates. global: uuiPortPrefix: 303 - readinessRepository: oomk8s + subChartsOnly: enabled: true @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:3.0.4 +image: onap/usecase-ui-server:3.0.6 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/requirements.yaml b/kubernetes/uui/requirements.yaml index cf085205ab..8f74b745d3 100644 --- a/kubernetes/uui/requirements.yaml +++ b/kubernetes/uui/requirements.yaml @@ -18,4 +18,7 @@ dependencies: # local reference to common chart, as it is # a part of this chart's package and will not # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml index d370dfcf05..8c523b2388 100644 --- a/kubernetes/uui/templates/deployment.yaml +++ b/kubernetes/uui/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,7 +37,7 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash diff --git a/kubernetes/uui/templates/service.yaml b/kubernetes/uui/templates/service.yaml index e11f7fb287..222100d8c8 100644 --- a/kubernetes/uui/templates/service.yaml +++ b/kubernetes/uui/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 79b649c63d..1adb2565a0 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -17,15 +17,14 @@ # Declare variables to be passed into your templates. global: uuiPortPrefix: 303 - readinessRepository: oomk8s + subChartsOnly: enabled: true flavor: small # application image -repository: nexus3.onap.org:10001 -image: onap/usecase-ui:3.0.4 +image: onap/usecase-ui:3.0.6 pullPolicy: Always # application configuration diff --git a/kubernetes/vfc/Makefile b/kubernetes/vfc/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/vfc/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/vfc/charts/vfc-redis/.helmignore b/kubernetes/vfc/charts/vfc-redis/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/charts/vfc-redis/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/charts/vfc-redis/templates/service.yaml b/kubernetes/vfc/charts/vfc-redis/templates/service.yaml deleted file mode 100644 index 5f73ac18ff..0000000000 --- a/kubernetes/vfc/charts/vfc-redis/templates/service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright (C) 2018 Verizon. All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}2 - - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/charts/vfc-vnflcm/.helmignore b/kubernetes/vfc/charts/vfc-vnflcm/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/charts/vfc-vnflcm/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/configmap.yaml deleted file mode 100644 index 1d0751a01b..0000000000 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/configmap.yaml deleted file mode 100644 index 1d0751a01b..0000000000 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/configmap.yaml deleted file mode 100644 index 1d0751a01b..0000000000 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml deleted file mode 100644 index b0cc27bd8d..0000000000 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/.helmignore b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/configmap.yaml deleted file mode 100644 index 1d0751a01b..0000000000 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/Makefile b/kubernetes/vfc/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/vfc/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore b/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml index 42e4691899..42e4691899 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/Chart.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/requirements.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml index 123bb298ab..844f993df1 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" gvnfmdriverlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml index 1d0751a01b..83f658f751 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/configmap.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml index ab4485864e..c910f4786f 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,29 +37,12 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - initContainers: -#Example init container for dependency checking -# - command: -# - /root/ready.py -# args: -# - --container-name -# - mariadb -# env: -# - name: NAMESPACE -# valueFrom: -# fieldRef: -# apiVersion: v1 -# fieldPath: metadata.namespace -# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" -# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -# name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -73,12 +58,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: @@ -88,8 +71,8 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties - subPath: log4j.properties + mountPath: /opt/vfc/gvnfmdriver/config/log.yml + subPath: log.yml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -103,7 +86,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml index e5a244e9d8..df7fe3149a 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml index 8bc90fc79b..df5d830bf7 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Application configuration defaults. @@ -28,8 +26,7 @@ global: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.9 +image: onap/vfc/gvnfmdriver:1.4.0 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml index 6f5734f8f8..6f5734f8f8 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/Chart.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/requirements.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties index 635bcc51ea..e2036398fe 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties @@ -1,3 +1,4 @@ +{{/* ############################################################################### # Copyright 2016, Huawei Technologies Co., Ltd. # @@ -13,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. ############################################################################### +*/}} log4j.rootLogger=INFO,root log4j.appender.root.Append=true diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/configmap.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml index 1d0751a01b..83f658f751 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/configmap.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml index c6987f14ee..4f74d1ddd5 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,10 +39,11 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -71,8 +74,8 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/gvnfmdriver/config/log.yml - subPath: log.yml + mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties + subPath: log4j.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -86,7 +89,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml index b8a6b07b32..95a84cff02 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml index 8b27d45a61..8718aff291 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Application configuration defaults. @@ -28,8 +26,7 @@ global: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/huawei:1.3.6 +image: onap/vfc/nfvo/svnfm/huawei:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore b/kubernetes/vfc/components/vfc-nslcm/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore +++ b/kubernetes/vfc/components/vfc-nslcm/.helmignore diff --git a/kubernetes/vfc/charts/vfc-nslcm/Chart.yaml b/kubernetes/vfc/components/vfc-nslcm/Chart.yaml index a58118f3df..a58118f3df 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/Chart.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-nslcm/requirements.yaml b/kubernetes/vfc/components/vfc-nslcm/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-nslcm/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml index 4ae7ab16a8..c88606239e 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml +++ b/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" nslcmlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/configmap.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml index 1d0751a01b..83f658f751 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/configmap.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml index 546f5389b0..40ca646e0f 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,7 +39,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.mariadbService }} @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: @@ -57,7 +59,7 @@ spec: args: - -c - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -76,20 +78,20 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: REDIS_HOST + value: "{{ .Values.global.config.redisServiceName }}" + - name: REDIS_PORT + value: "{{ .Values.global.config.redisPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: @@ -114,7 +116,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml index b0cc27bd8d..246928825e 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml index 5484b2cfa2..f46530ded9 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -32,6 +34,15 @@ metadata: "port": "{{.Values.service.externalPort}}", "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" + }, + { + "serviceName": "nslcm", + "version": "v2", + "url": "/api/nslcm/v2", + "protocol": "REST", + "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, + "visualRange":"1" } ]' spec: diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml index e36efee902..6b23913a51 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Secrets metaconfig @@ -38,8 +36,7 @@ secrets: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.9 +image: onap/vfc/nslcm:1.4.1 pullPolicy: Always #Istio sidecar injection policy @@ -52,7 +49,7 @@ debugEnabled: false config: mariadbService: vfc-mariadb mariadbPort: 3306 - # mariadbRootPassword: secretpassword + mariadbRootPassword: secretpassword # mariadbRootPasswordExternalSecret: some secret diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/.helmignore b/kubernetes/vfc/components/vfc-redis/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/.helmignore +++ b/kubernetes/vfc/components/vfc-redis/.helmignore diff --git a/kubernetes/vfc/charts/vfc-redis/Chart.yaml b/kubernetes/vfc/components/vfc-redis/Chart.yaml index 59a56209a1..ede374f88b 100644 --- a/kubernetes/vfc/charts/vfc-redis/Chart.yaml +++ b/kubernetes/vfc/components/vfc-redis/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP VFC - DB +description: ONAP VFC - REDIS name: vfc-redis version: 6.0.0 diff --git a/kubernetes/vfc/components/vfc-redis/requirements.yaml b/kubernetes/vfc/components/vfc-redis/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-redis/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml index 0ed9622d99..787c62c3c5 100644 --- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (C) 2018 Verizon. All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,11 +37,10 @@ spec: spec: containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -54,11 +55,6 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml b/kubernetes/vfc/components/vfc-redis/templates/service.yaml index 7883651a2e..b20f3f8880 100644 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-redis/templates/service.yaml @@ -1,5 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +{{/* +# Copyright (C) 2018 Verizon. All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service @@ -28,6 +29,7 @@ spec: ports: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} {{- else -}} diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml index 30e2b2ce9a..6ea05d72a6 100644 --- a/kubernetes/vfc/charts/vfc-redis/values.yaml +++ b/kubernetes/vfc/components/vfc-redis/values.yaml @@ -17,10 +17,6 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 ################################################################# # Application configuration defaults. @@ -28,8 +24,7 @@ global: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/db:1.3.3 +image: onap/vfc/db:1.3.4 pullPolicy: Always # flag to enable debugging - application support required @@ -61,10 +56,8 @@ service: type: ClusterIP name: vfc-redis portName: vfc-redis - externalPort: 3306 - internalPort: 3306 - externalPort2: 6379 - internalPort2: 6379 + externalPort: 6379 + internalPort: 6379 ingress: enabled: false diff --git a/kubernetes/sdnc/charts/sdnc-portal/.helmignore b/kubernetes/vfc/components/vfc-vnflcm/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/.helmignore +++ b/kubernetes/vfc/components/vfc-vnflcm/.helmignore diff --git a/kubernetes/vfc/charts/vfc-vnflcm/Chart.yaml b/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml index 5bde32a97c..5bde32a97c 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/Chart.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-vnflcm/requirements.yaml b/kubernetes/vfc/components/vfc-vnflcm/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-vnflcm/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml index 4af8faa40f..9dbf475beb 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml +++ b/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnfmgrlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml index 1d0751a01b..83f658f751 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/configmap.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml index d78fa3b4ef..b93d7af02b 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,7 +39,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.mariadbService }} @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: @@ -57,7 +59,7 @@ spec: args: - -c - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -76,20 +78,20 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: REDIS_HOST + value: "{{ .Values.global.config.redisServiceName }}" + - name: REDIS_PORT + value: "{{ .Values.global.config.redisPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: @@ -114,7 +116,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml index b0cc27bd8d..246928825e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml index 049e7e1ccc..b64740bbe2 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml index 48176a70a5..a58b4daa68 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Secrets metaconfig @@ -38,8 +36,7 @@ secrets: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.9 +image: onap/vfc/vnflcm:1.4.0 pullPolicy: Always #Istio sidecar injection policy @@ -52,7 +49,7 @@ debugEnabled: false config: mariadbService: vfc-mariadb mariadbPort: 3306 - # mariadbRootPassword: secretpassword + mariadbRootPassword: secretpassword # mariadbRootPasswordExternalSecret: some secret diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-vnfmgr/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/.helmignore +++ b/kubernetes/vfc/components/vfc-vnfmgr/.helmignore diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/Chart.yaml b/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml index 938ea5d4f1..938ea5d4f1 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/Chart.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-vnfmgr/requirements.yaml b/kubernetes/vfc/components/vfc-vnfmgr/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-vnfmgr/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml index 4af8faa40f..9dbf475beb 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml +++ b/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnfmgrlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml new file mode 100644 index 0000000000..83f658f751 --- /dev/null +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml @@ -0,0 +1,23 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-logging-configmap + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml index d8be53bd45..9c8430c9fc 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,7 +39,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.mariadbService }} @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: @@ -57,7 +59,7 @@ spec: args: - -c - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -76,16 +78,16 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: REDIS_HOST + value: "{{ .Values.global.config.redisServiceName }}" + - name: REDIS_PORT + value: "{{ .Values.global.config.redisPort }}" - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD @@ -114,7 +116,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml index b0cc27bd8d..246928825e 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml index d87ad801ba..97ef463977 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml index 20af3bb5ef..85de68ea47 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Secrets metaconfig @@ -38,8 +36,7 @@ secrets: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/vnfmgr:1.3.8 +image: onap/vfc/vnfmgr:1.3.9 pullPolicy: Always #Istio sidecar injection policy @@ -52,7 +49,7 @@ debugEnabled: false config: mariadbService: vfc-mariadb mariadbPort: 3306 - # mariadbRootPassword: secretpassword + mariadbRootPassword: secretpassword # mariadbRootPasswordExternalSecret: some secret # default number of instances diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-vnfres/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/.helmignore +++ b/kubernetes/vfc/components/vfc-vnfres/.helmignore diff --git a/kubernetes/vfc/charts/vfc-vnfres/Chart.yaml b/kubernetes/vfc/components/vfc-vnfres/Chart.yaml index 3002bce3e8..3002bce3e8 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/Chart.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-vnfres/requirements.yaml b/kubernetes/vfc/components/vfc-vnfres/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-vnfres/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml index c4cc1e3072..7644af1e1b 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml +++ b/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" vnflcmlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml new file mode 100644 index 0000000000..83f658f751 --- /dev/null +++ b/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml @@ -0,0 +1,23 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-logging-configmap + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml index a39eb68af4..2577887523 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -37,7 +39,7 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.config.mariadbService }} @@ -47,7 +49,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: @@ -57,7 +59,7 @@ spec: args: - -c - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -76,16 +78,16 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: REDIS_HOST + value: "{{ .Values.global.config.redisServiceName }}" + - name: REDIS_PORT + value: "{{ .Values.global.config.redisPort }}" - name: MYSQL_ROOT_USER value: "{{ .Values.global.config.mariadb_admin }}" - name: MYSQL_ROOT_PASSWORD @@ -114,7 +116,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml index b0cc27bd8d..246928825e 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml index 902b4ed481..c043913b70 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml index 078554d5d6..fd8b26f387 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Secrets metaconfig @@ -38,8 +36,7 @@ secrets: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/vnfres:1.3.7 +image: onap/vfc/vnfres:1.3.8 pullPolicy: Always #Istio sidecar injection policy @@ -52,7 +49,7 @@ debugEnabled: false config: mariadbService: vfc-mariadb mariadbPort: 3306 - # mariadbRootPassword: secretpassword + mariadbRootPassword: secretpassword # mariadbRootPasswordExternalSecret: some secret diff --git a/kubernetes/vfc/charts/vfc-nslcm/.helmignore b/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/.helmignore +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml index d8cd37921e..d8cd37921e 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/Chart.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/requirements.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/requirements.yaml new file mode 100644 index 0000000000..fbe51550f0 --- /dev/null +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml index a0bf170fe6..6c00048ff7 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml @@ -11,6 +11,9 @@ loggers: level: "DEBUG" propagate: False handlers: + console: + class: "logging.StreamHandler" + formatter: "standard" ztevnfmdriverlocal_handler: level: "DEBUG" class: diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml new file mode 100644 index 0000000000..83f658f751 --- /dev/null +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml @@ -0,0 +1,23 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-logging-configmap + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml index 4dd801ac14..8c24dd6c45 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -35,25 +37,9 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - initContainers: -#Example init container for dependency checking -# - command: -# - /root/ready.py -# args: -# - --container-name -# - mariadb -# env: -# - name: NAMESPACE -# valueFrom: -# fieldRef: -# apiVersion: v1 -# fieldPath: metadata.namespace -# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" -# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -# name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -72,12 +58,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + - name: MSB_HOST + value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: @@ -102,7 +86,7 @@ spec: # side car containers - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml index 5b22914f38..826b6904f9 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml index 6c0f829c80..4dbdfe9e33 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml @@ -17,10 +17,8 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + config: + ssl_enabled: false ################################################################# # Application configuration defaults. @@ -28,8 +26,7 @@ global: # application image flavor: small -repository: nexus3.onap.org:10001 -image: onap/vfc/ztevnfmdriver:1.3.6 +image: onap/vfc/ztevnfmdriver:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml index 8d6c55931d..1ac82cbecb 100644 --- a/kubernetes/vfc/requirements.yaml +++ b/kubernetes/vfc/requirements.yaml @@ -19,3 +19,38 @@ dependencies: - name: mariadb-galera version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: vfc-generic-vnfm-driver + version: ~6.x-0 + repository: 'file://components/vfc-generic-vnfm-driver' + condition: vfc-generic-vnfm-driver.enabled + - name: vfc-huawei-vnfm-driver + version: ~6.x-0 + repository: 'file://components/vfc-huawei-vnfm-driver' + condition: vfc-huawei-vnfm-driver.enabled + - name: vfc-nslcm + version: ~6.x-0 + repository: 'file://components/vfc-nslcm' + condition: vfc-nslcm.enabled + - name: vfc-redis + version: ~6.x-0 + repository: 'file://components/vfc-redis' + condition: vfc-redis.enabled + - name: vfc-vnflcm + version: ~6.x-0 + repository: 'file://components/vfc-vnflcm' + condition: vfc-vnflcm.enabled + - name: vfc-vnfmgr + version: ~6.x-0 + repository: 'file://components/vfc-vnfmgr' + condition: vfc-vnfmgr.enabled + - name: vfc-vnfres + version: ~6.x-0 + repository: 'file://components/vfc-vnfres' + condition: vfc-vnfres.enabled + - name: vfc-zte-vnfm-driver + version: ~6.x-0 + repository: 'file://components/vfc-zte-vnfm-driver' + condition: vfc-zte-vnfm-driver.enabled diff --git a/kubernetes/vfc/templates/configmap.yaml b/kubernetes/vfc/templates/configmap.yaml index 22a9844fa9..88fda224ee 100644 --- a/kubernetes/vfc/templates/configmap.yaml +++ b/kubernetes/vfc/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml index b0cc27bd8d..246928825e 100644 --- a/kubernetes/vfc/templates/secrets.yaml +++ b/kubernetes/vfc/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 05e8c64974..28cee56904 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -62,19 +62,32 @@ db: &dbConfig mariadbPort: 3306 mariadbRootPasswordExternalSecret: *dbRootPassSecret +vfc-generic-vnfm-driver: + enabled: true + +vfc-huawei-vnfm-driver: + enabled: true + vfc-nslcm: + enabled: true config: << : *dbConfig +vfc-redis: + enabled: true + vfc-vnflcm: + enabled: true config: << : *dbConfig vfc-vnfmgr: + enabled: true config: << : *dbConfig vfc-vnfres: + enabled: true config: << : *dbConfig @@ -86,3 +99,6 @@ vfc-workflow: vfc-workflow-engine: config: workflowPort: 10550 + +vfc-zte-vnfm-driver: + enabled: true
\ No newline at end of file diff --git a/kubernetes/vid/requirements.yaml b/kubernetes/vid/requirements.yaml index e7764e08e8..ed8b8057d9 100644 --- a/kubernetes/vid/requirements.yaml +++ b/kubernetes/vid/requirements.yaml @@ -22,3 +22,9 @@ dependencies: - name: mariadb-galera version: ~6.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster + diff --git a/kubernetes/vid/resources/config/db_cmd.sh b/kubernetes/vid/resources/config/db_cmd.sh index 95b83d4b59..efd92b223f 100644..100755 --- a/kubernetes/vid/resources/config/db_cmd.sh +++ b/kubernetes/vid/resources/config/db_cmd.sh @@ -1,5 +1,7 @@ #!/bin/sh +{{/* # Copyright © 2018 AT&T +# Copyright © 2020 Aarna Networks # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,11 +14,31 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +DB={{index .Values "mariadb-galera" "config" "mysqlDatabase" | upper }} +eval "MYSQL_USER=\$MYSQL_USER_${DB}" +eval "MYSQL_PASSWORD=\$MYSQL_PASSWORD_${DB}" + +#echo "Going to run mysql ${DB} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} ..." +mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} <<'EOD' +CREATE TABLE IF NOT EXISTS `{{index .Values "mariadb-galera" "config" "mysqlDatabase" }}`.`schema_info` ( +`SCHEMA_ID` VARCHAR(25) NOT NULL, +`SCHEMA_DESC` VARCHAR(75) NOT NULL, +`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL, +`CONNECTION_URL` VARCHAR(200) NOT NULL, +`USER_NAME` VARCHAR(45) NOT NULL, +`PASSWORD` VARCHAR(45) NULL DEFAULT NULL, +`DRIVER_CLASS` VARCHAR(100) NOT NULL, +`MIN_POOL_SIZE` INT(11) NOT NULL, +`MAX_POOL_SIZE` INT(11) NOT NULL, +`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL) +ENGINE = InnoDB +DEFAULT CHARACTER SET = utf8; +EOD -echo "Going to run mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${MYSQL_HOST} -P${MYSQL_PORT} ..." -mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${MYSQL_HOST} -P${MYSQL_PORT} < /db-config/vid-pre-init.sql if [ $? -ne 0 ];then - echo "ERROR: Failed to run ${cmd} vid-pre-init.sql" + echo "ERROR: Failed to run cmd vid-pre-init.sql" exit 1 else echo "INFO: Database initialized successfully" diff --git a/kubernetes/vid/resources/config/log/filebeat/filebeat.yml b/kubernetes/vid/resources/config/log/filebeat/filebeat.yml index 1854263feb..9a721a885e 100644 --- a/kubernetes/vid/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/vid/resources/config/log/filebeat/filebeat.yml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} filebeat.prospectors: #it is mandatory, in our case it's log diff --git a/kubernetes/vid/resources/config/vid-pre-init.sql b/kubernetes/vid/resources/config/vid-pre-init.sql deleted file mode 100644 index 2dbbbcce6d..0000000000 --- a/kubernetes/vid/resources/config/vid-pre-init.sql +++ /dev/null @@ -1,29 +0,0 @@ -/* -# Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/ - -CREATE TABLE IF NOT EXISTS `vid_openecomp_epsdk`.`schema_info` ( -`SCHEMA_ID` VARCHAR(25) NOT NULL, -`SCHEMA_DESC` VARCHAR(75) NOT NULL, -`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL, -`CONNECTION_URL` VARCHAR(200) NOT NULL, -`USER_NAME` VARCHAR(45) NOT NULL, -`PASSWORD` VARCHAR(45) NULL DEFAULT NULL, -`DRIVER_CLASS` VARCHAR(100) NOT NULL, -`MIN_POOL_SIZE` INT(11) NOT NULL, -`MAX_POOL_SIZE` INT(11) NOT NULL, -`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL) -ENGINE = InnoDB -DEFAULT CHARACTER SET = utf8;
\ No newline at end of file diff --git a/kubernetes/vid/templates/configmap.yaml b/kubernetes/vid/templates/configmap.yaml index 42f2099836..0ba466dfb9 100644 --- a/kubernetes/vid/templates/configmap.yaml +++ b/kubernetes/vid/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -41,7 +43,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-db-init namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -49,4 +51,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/db_cmd.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index a031dbcede..41b0019cbe 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics # @@ -12,8 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -24,6 +26,9 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + selector: + matchLabels: + app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} template: metadata: @@ -33,17 +38,17 @@ spec: spec: initContainers: - command: - - /root/job_complete.py + - /app/ready.py args: - --job-name - - {{ include "common.fullname" . }}-galera-config + - {{ include "common.fullname" . }}-mariadb-init-config-job env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: @@ -100,9 +105,9 @@ spec: - name: VID_UEB_URL_LIST value: message-router.{{ include "common.namespace" . }} - name: VID_MYSQL_HOST - value: {{ index .Values "mariadb-galera" "service" "name" }} + value: {{ include "common.mariadbService" . }} - name: VID_MYSQL_PORT - value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + value: "{{ include "common.mariadbPort" . }}" - name: VID_MYSQL_DBNAME value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: VID_MYSQL_USER diff --git a/kubernetes/vid/templates/job.yaml b/kubernetes/vid/templates/job.yaml deleted file mode 100644 index 724b4e11a6..0000000000 --- a/kubernetes/vid/templates/job.yaml +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-galera-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} -spec: - template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - spec: - initContainers: -#This container checks that all galera instances are up before initializing it. - - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - - --container-name - - {{ index .Values "mariadb-galera" "service" "name" }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }}-job - image: {{ .Values.mariadb_image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_cmd.sh - name: {{ include "common.fullname" . }}-config - subPath: db_cmd.sh - - mountPath: /db-config/vid-pre-init.sql - name: {{ include "common.fullname" . }}-config - subPath: vid-pre-init.sql - command: - - /bin/sh - args: - - -x - - /dbcmd-config/db_cmd.sh - env: - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }} - - name: MYSQL_HOST - value: {{ index .Values "mariadb-galera" "service" "name" }} - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }} - - name: MYSQL_PORT - value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" - restartPolicy: Never - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - items: - - key: db_cmd.sh - path: db_cmd.sh - - key: vid-pre-init.sql - path: vid-pre-init.sql diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 9be979bba5..72934fffd8 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} --- diff --git a/kubernetes/vid/templates/service.yaml b/kubernetes/vid/templates/service.yaml index b5973ef6ea..e62f64d366 100644 --- a/kubernetes/vid/templates/service.yaml +++ b/kubernetes/vid/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 63c6307f06..93de57e4b3 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -18,10 +18,15 @@ # Declare variables to be passed into your templates. global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + mariadbGalera: &mariadbGalera + #This flag allows VID to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera ################################################################# # Secrets metaconfig @@ -39,12 +44,9 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:6.0.4 +image: onap/vid:7.0.0 pullPolicy: Always -# mariadb image for initializing -mariadb_image: library/mariadb:10 - # application configuration config: db: @@ -68,7 +70,9 @@ config: roleaccesscentralized: remote mariadb-galera: - config: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: &mariadbConfig userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret' mysqlDatabase: vid_openecomp_epsdk nameOverride: vid-galera @@ -84,6 +88,13 @@ mariadb-galera: [mysqld] lower_case_table_names = 1 +mariadb-init: + config: *mariadbConfig + nameOverride: vid-mariadb-init + # A configMap of same name is created. It points to file that will be run after + # The DB has been created. + dbScriptConfigMap: '{{ include "common.release" . }}-vid-db-init' + # default number of instances replicaCount: 1 diff --git a/kubernetes/vnfsdk/requirements.yaml b/kubernetes/vnfsdk/requirements.yaml index a287d9c928..1b01fddcd9 100644 --- a/kubernetes/vnfsdk/requirements.yaml +++ b/kubernetes/vnfsdk/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: postgres version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml index 6bd4e1c8eb..09b6551c00 100644 --- a/kubernetes/vnfsdk/resources/config/configuration.xml +++ b/kubernetes/vnfsdk/resources/config/configuration.xml @@ -23,7 +23,7 @@ PUBLIC "//mybatis.org//DTD Config 3.0//EN" <transactionManager type="JDBC" /> <dataSource type="UNPOOLED"> <property name="driver" value="org.postgresql.Driver" /> - <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" /> + <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" /> <property name="username" value="${PG_USER}" /> <property name="password" value="${PG_PASSWORD}" /> </dataSource> diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml index 0c39e6e685..c41c3ef0d6 100644 --- a/kubernetes/vnfsdk/templates/configmap.yaml +++ b/kubernetes/vnfsdk/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index 95f68018af..7e4ad5bd92 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -49,12 +51,12 @@ spec: name: init-data-input - mountPath: /config name: init-data - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - command: - - /root/ready.py + - /app/ready.py args: - --container-name - "{{ .Values.postgres.nameOverride }}" @@ -64,16 +66,16 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - volumes: + volumeMounts: - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml name: init-data subPath: configuration.xml diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml index 1d0dd29f59..7c320fc86f 100644 --- a/kubernetes/vnfsdk/templates/job.yaml +++ b/kubernetes/vnfsdk/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: batch/v1 kind: Job @@ -33,7 +35,7 @@ spec: restartPolicy: Never initContainers: - command: - - /root/ready.py + - /app/ready.py args: - --container-name - "{{ .Values.postgres.nameOverride }}" @@ -43,12 +45,12 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}} name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }}-job - image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}" + image: {{ include "repositoryGenerator.image.postgres" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: PGUSER diff --git a/kubernetes/vnfsdk/templates/service.yaml b/kubernetes/vnfsdk/templates/service.yaml index 3f2ea9c2f8..25786bd7ad 100644 --- a/kubernetes/vnfsdk/templates/service.yaml +++ b/kubernetes/vnfsdk/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index e6a489b3e3..55eea0fa60 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -17,12 +17,6 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - envsubstImage: dibi/envsubst secrets: - uid: pg-root-pass @@ -43,10 +37,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/vnfsdk/refrepo:1.5.2 -postgresRepository: crunchydata -postgresImage: crunchy-postgres:centos7-10.3-1.8.2 +image: onap/vnfsdk/refrepo:1.6.2 pullPolicy: Always # application configuration override for postgres |