diff options
29 files changed, 73 insertions, 47 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index b1e85c00cc..1312d98009 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -47,6 +47,8 @@ - name: {{ include "common.name" $dot }}-aaf-config image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + securityContext: + runAsUser: 0 volumeMounts: - mountPath: {{ $initRoot.mountPath }} name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index bb3af76115..22832c936d 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -78,7 +78,7 @@ spec: - -ec - | {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}} - {{- $fullname := include "common.names.fullname" . }} + {{- $fullname := include "common.fullname" . }} {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }} # Bootstrap from the indicated node NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}" diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index ef49f8c5d4..ef846034d0 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -1,7 +1,7 @@ {{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. # Copyright (c) 2021 Nordix Foundation. @@ -176,7 +176,7 @@ The Deployment always includes a single Pod, with a container that uses the DCAE microservice image. The Deployment Pod may also include a logging sidecar container. -The sidecar is included if .Values.logDirectory is set. The +The sidecar is included if .Values.log.path is set. The logging sidecar and the DCAE microservice container share a volume where the microservice logs are written. @@ -222,7 +222,8 @@ policies: */}} {{- define "dcaegen2-services-common.microserviceDeployment" -}} -{{- $logDir := default "" .Values.log.path -}} +{{- $log := default dict .Values.log -}} +{{- $logDir := default "" $log.path -}} {{- $certDir := default "" .Values.certDirectory . -}} {{- $tlsServer := default "" .Values.tlsServer -}} {{- $commonRelease := print (include "common.release" .) -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index 2ce6c89775..d53a83daa4 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -1,6 +1,7 @@ # ================================ LICENSE_START ========================== # ========================================================================= # Copyright (c) 2021 Nordix Foundation. +# Copyright (c) 2022 Nokia. All rights reserved. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -51,7 +52,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice- # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1 +image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.7.1 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -96,7 +97,6 @@ certificates: readinessCheck: wait_for: containers: - - dcae-config-binding-service - aaf-cm - dmaap-bc - dmaap-provisioning-job @@ -120,12 +120,6 @@ service: plain_port: 8100 port_protocol: http -# Environment variables -applicationEnv: -# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration. -# It's a workaround because DMAAP specific env variables are not available in main container. - CBS_CLIENT_CONFIG_PATH: '' - # Data Router Publisher Credentials drPubscriberCreds: username: username diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index 07306e1286..ec320ebef8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -79,7 +79,6 @@ tlsServer: true # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm - &postgresName dcae-datalake-postgres diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 4ed0a83677..c325569de5 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -79,7 +79,6 @@ tlsServer: true # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm - &postgresName dcae-heartbeat-postgres diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 65a5d04d80..a8a30f4d12 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -93,7 +93,6 @@ certificates: # dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # probe configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 037dd0aec0..8425024ba6 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -78,7 +78,6 @@ policies: # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # Probe Configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 39c4a8ed50..0d28683feb 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -1,6 +1,7 @@ # ================================ LICENSE_START ========================== # ========================================================================= # Copyright (C) 2021 Nordix Foundation. +# Copyright (c) 2022 Nokia. All rights reserved. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -55,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2 +image: onap/org.onap.dcaegen2.services.pm-mapper:1.8.0 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -78,7 +79,6 @@ tlsServer: true readinessCheck: wait_for: containers: - - dcae-config-binding-service - aaf-cm - dmaap-bc - dmaap-provisioning-job @@ -131,14 +131,14 @@ credentials: # Initial Application Configuration applicationConfig: enable_tls: true - enable_http: false - aaf_identity: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} + enable_http: true + aaf_identity: "" + aaf_password: "" pm-mapper-filter: "{ \"filters\":[] }" - key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks - key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass - trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks - trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass + key_store_path: "" + key_store_pass_path: "" + trust_store_path: "" + trust_store_pass_path: "" dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete streams_publishes: dmaap_publisher: @@ -147,7 +147,7 @@ applicationConfig: client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0} location: san-francisco client_role: org.onap.dcae.pmPublisher - topic_url: http://message-router:3904/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS + topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS streams_subscribes: dmaap_subscriber: type: data_router diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 4bdd2b8088..80014e7528 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -57,7 +57,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.pmsh:1.3.2 +image: onap/org.onap.dcaegen2.services.pmsh:2.0.0 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -79,7 +79,6 @@ tlsServer: true # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm - &postgresName dcae-pmsh-postgres diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index a4ed6994f7..7886ed75a8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -1,6 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,7 +41,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 +image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0 pullPolicy: Always # log directory where logging sidecar should look for log files @@ -69,7 +70,6 @@ secrets: # dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # probe configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 543b79b9c0..4c736c49f0 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -51,7 +51,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.7 +image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.2 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -73,7 +73,6 @@ tlsServer: true # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # Probe Configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 6cebca6412..cf9e84bfe2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -78,7 +78,6 @@ tlsServer: true # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm - &postgresName dcae-sliceanalysisms-postgres diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 51ec337724..25f0c3b730 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -57,10 +57,11 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # and key from AAF and mount them in certDirectory. tlsServer: true + # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service + - message-router # Probe Configuration readiness: diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 94c4d880dd..a99623bc07 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -91,7 +91,6 @@ policies: # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm - &postgresName dcae-sonhms-postgres diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index a65fa7c347..cb03d89d25 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -71,7 +71,6 @@ secrets: # dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # probe configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 508cea4766..13b71ec44d 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -1,7 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. -# Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2021-2022 Nokia. All rights reserved. # Copyright (c) 2022 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -43,7 +43,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice- # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.3 +image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0 pullPolicy: Always # log directory where logging sidecar should look for log files @@ -87,7 +87,6 @@ certificates: # dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # probe configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index d11f167acf..c9ee185984 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -40,7 +40,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.2 +image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.3 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -62,7 +62,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Dependencies readinessCheck: wait_for: - - dcae-config-binding-service - aaf-cm # Service Configuration @@ -77,6 +76,9 @@ service: # application environments applicationEnv: LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true' + CONFIG_BINDING_SERVICE_SERVICE_PORT: '10000' # Workaround until DCAEGEN2-3098 is addressed + CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + # Initial Application Configuration applicationConfig: diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index b1671f00f5..417d968ac9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -98,8 +98,8 @@ default_k8s_location: central # Use to override default setting in blueprints componentImages: tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0 # Resource Limit flavor -By Default using small diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 2c276a7827..d4452480a0 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -48,7 +48,7 @@ dcae-cloudify-manager: config: cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-config-binding-service: - enabled: true + enabled: false dcae-dashboard: enabled: false config: @@ -58,7 +58,7 @@ dcae-deployment-handler: config: cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-healthcheck: - enabled: true + enabled: false dcae-inventory-api: enabled: false dcae-policy-handler: diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index a0b6fdad8d..c9b6800ffd 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim}} {{- if or .Values.global.aafEnabled .Values.PG.enabled }} initContainers: - command: @@ -45,6 +46,8 @@ spec: name: {{ include "common.name" . }}-update-config {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-permission-fixer + securityContext: + runAsUser: 0 image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} @@ -60,6 +63,9 @@ spec: command: ["/bin/sh"] args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] - name: {{ include "common.name" . }}-postgres-readiness + securityContext: + runAsUser: 100 + runAsGroup: 65533 command: - /app/ready.py args: diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index a8e7cf91c7..cc860823f9 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -146,6 +146,11 @@ ingress: # Resource Limit flavor -By Default using small flavor: small + +securityContext: + user_id: 1000 + group_id: 101 + # Segregation for Different environment (Small and Large) resources: small: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 2bfa496bcd..69f6fc1d6e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -23,8 +23,12 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim}} initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} - name: {{ include "common.name" . }}-readiness + securityContext: + runAsUser: 100 + runAsGroup: 65533 image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: @@ -39,6 +43,8 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: {{ include "common.name" . }}-permission-fixer + securityContext: + runAsUser: 0 image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index e34bc0068d..6ad3e454d7 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -113,6 +113,11 @@ ingress: # Resource Limit flavor -By Default using small flavor: small + +securityContext: + user_id: 1000 + group_id: 1000 + # Segregation for Different environment (Small and Large) resources: small: diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index b7acbc9d8d..325ca9f2a7 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -34,9 +34,13 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim}} hostname: {{ .Values.global.dmaapDrProvName }} initContainers: - name: {{ include "common.name" . }}-readiness + securityContext: + runAsUser: 100 + runAsGroup: 65533 image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: @@ -55,6 +59,8 @@ spec: {{ include "common.certInitializer.initContainer" . | nindent 8 }} - name: {{ include "common.name" . }}-permission-fixer + securityContext: + runAsUser: 0 image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 1d9432afa2..9e6effac8b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -142,6 +142,11 @@ certInitializer: # Resource Limit flavor -By Default using small flavor: small + +securityContext: + user_id: 1000 + group_id: 1000 + # Segregation for Different environment (Small and Large) resources: small: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index f92bfa78bc..9306985d33 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -87,7 +87,7 @@ uui: vfc: enabled: true vid: - enabled: true + enabled: false vnfsdk: enabled: true modeling: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 73f96d3eb8..f5b5c8ed7d 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -135,7 +135,7 @@ global: # default password complexity # available options: phrase, name, pin, basic, short, medium, long, maximum security - # More datails: https://masterpassword.app/masterpassword-algorithm.pdf + # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf passwordStrength: long # configuration to set log level to all components (the one that are using diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 248d3afd57..bc129beb3e 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -155,3 +155,6 @@ etcd-init: keyPrefix: conductor flavor: *etcd-flavor resources: *etcd-resources + +# Python doesn't support well dollar sign in password +passwordStrengthOverride: basic
\ No newline at end of file |