diff options
37 files changed, 305 insertions, 110 deletions
diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt index 9c104de61c..be92e5dcea 100644 --- a/docs/requirements-docs.txt +++ b/docs/requirements-docs.txt @@ -6,3 +6,4 @@ sphinxcontrib-swaggerdoc sphinxcontrib-spelling sphinxcontrib-plantuml sphinx_toolbox>=3.2.0 +six
\ No newline at end of file diff --git a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst index 4c21217c23..f25f4e716c 100644 --- a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst +++ b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst @@ -358,7 +358,7 @@ Keycloak Installation - create keycloak namespace:: > kubectl create namespace keycloak - > kubectl label namespace keycloak istio-injection=enabled + > kubectl label namespace keycloak istio-injection=disabled Install Keycloak-Database ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -388,7 +388,21 @@ Configure Keycloak - Install keycloak:: - > helm -n keycloak upgrade -i keycloak codecentric/keycloak --values ./keycloak-server-values.yaml + > helm -n keycloak upgrade -i keycloak codecentric/keycloakx --values ./keycloak-server-values.yaml The required Ingress entry and REALM will be provided by the ONAP "Platform" component. + +- Create Ingress gateway entry for the keycloak web interface + using the configured Ingress <base-url> (here "simpledemo.onap.org") + as described in :ref:`oom_customize_overrides` + + .. collapse:: keycloak-ingress.yaml + + .. include:: ../../resources/yaml/keycloak-ingress.yaml + :code: yaml + +- Add the Ingress entry for Keycloak:: + + > kubectl -n keycloak apply -f keycloak-ingress.yaml + diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst index dc206e0548..3b198cf1d6 100644 --- a/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst +++ b/docs/sections/guides/infra_guides/oom_infra_deployment_options.rst @@ -36,5 +36,5 @@ Internal traffic encryption will be ensured by using Istio ServiceMesh. .. figure:: ../../resources/images/servicemesh/ServiceMesh.png :align: center -For external access we start to establish Authentication via Oauth2-proxy -and Keycloak which will be completed in the coming release. +For external access we propose to establish Authentication via Oauth2-proxy +and Keycloak which is described in this document. diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst index 4eefdafbf3..dbb965dd86 100644 --- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst +++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst @@ -60,7 +60,7 @@ The versions of software that are supported and tested by OOM are as follows: ============== ====== ============ ============== London 1.17.2 v0.6.2 19.0.3-legacy Montreal 1.19.3 v1.0.0 19.0.3-legacy - New Delhi 1.19.3 v1.0.0 19.0.3-legacy + New Delhi 1.19.3 v1.0.0 22.0.4 ============== ====== ============ ============== .. table:: OOM Software Requirements (optional) diff --git a/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst b/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst index de26d11944..fb164bc5e6 100644 --- a/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst +++ b/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst @@ -11,6 +11,7 @@ .. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/ .. _K8ssandra setup guide: https://docs.k8ssandra.io/install/ .. _Mariadb-Operator setup guide: https://github.com/mariadb-operator/mariadb-operator +.. _Postgres-Operator setup guide: https://github.com/CrunchyData/postgres-operator .. _oom_base_optional_addons: @@ -125,7 +126,7 @@ For setup the K8ssandra operator is used, see `K8ssandra setup guide`_ Mariadb-Operator Installation ----------------------------- -Mariadb-Operator is used to ease the installation and lifecycle management +Mariadb-Operator is used to ease the installation and lifecycle management of MariaDB Galera and Replication clusters, including monitoring and backup For setup the Mariadb-Operator is used, see `Mariadb-Operator setup guide`_ @@ -147,6 +148,13 @@ For setup the Mariadb-Operator is used, see `Mariadb-Operator setup guide`_ --set metrics.enabled=true --set webhook.certificate.certManager=true --version=<recommended-version> +Postgres-Operator Installation +------------------------------ + +Postgres-Operator is used to ease the installation and lifecycle management of +Postgres DB clusters, including monitoring and backup + +For setup the Postgres-Operator is used, see `Postgres-Operator setup guide`_ Kserve Installation ------------------- diff --git a/docs/sections/resources/yaml/keycloak-ingress.yaml b/docs/sections/resources/yaml/keycloak-ingress.yaml new file mode 100644 index 0000000000..91fc34f381 --- /dev/null +++ b/docs/sections/resources/yaml/keycloak-ingress.yaml @@ -0,0 +1,55 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + labels: + app.kubernetes.io/managed-by: Helm + name: keycloak-ui-http-route + namespace: keycloak +spec: + hostnames: + - keycloak-ui.simpledemo.onap.org + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: common-gateway + namespace: istio-ingress + sectionName: https-80 + rules: + Filters: + Request Redirect: + Port: 443 + Scheme: https + Status Code: 301 + Type: RequestRedirect + Matches: + Path: + Type: PathPrefix + Value: /auth +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + labels: + app.kubernetes.io/managed-by: Helm + name: keycloak-ui-http-route + namespace: keycloak +spec: + hostnames: + - keycloak-ui.simpledemo.onap.org + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: common-gateway + namespace: istio-ingress + sectionName: https-443 + rules: + - backendRefs: + - group: "" + kind: Service + name: keycloak-keycloakx-http + port: 80 + weight: 1 + matches: + - path: + type: PathPrefix + value: /auth diff --git a/docs/sections/resources/yaml/keycloak-server-values.yaml b/docs/sections/resources/yaml/keycloak-server-values.yaml index 7eaecbedfc..0160ce86e8 100644 --- a/docs/sections/resources/yaml/keycloak-server-values.yaml +++ b/docs/sections/resources/yaml/keycloak-server-values.yaml @@ -1,53 +1,48 @@ -image: - # The Keycloak image repository - repository: quay.io/keycloak/keycloak - # Overrides the Keycloak image tag whose default is the chart appVersion - tag: "19.0.3-legacy" - -postgresql: - # If `true`, the Postgresql dependency is enabled - enabled: false +--- +command: + - "/opt/keycloak/bin/kc.sh" + - "--verbose" + - "start" + - "--http-enabled=true" + - "--http-port=8080" + - "--hostname-strict=false" + - "--hostname-strict-https=false" + - "--spi-events-listener-jboss-logging-success-level=info" + - "--spi-events-listener-jboss-logging-error-level=warn" extraEnv: | - - name: KEYCLOAK_USER + - name: KEYCLOAK_ADMIN valueFrom: secretKeyRef: name: {{ include "keycloak.fullname" . }}-admin-creds key: user - - name: KEYCLOAK_PASSWORD + - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ include "keycloak.fullname" . }}-admin-creds key: password - - name: DB_VENDOR - value: postgres - - name: DB_ADDR - value: keycloak-db-postgresql - - name: DB_PORT - value: "5432" - - name: DB_DATABASE - value: keycloak - - name: DB_USER - value: dbusername - - name: DB_PASSWORD_FILE - value: /secrets/db-creds/password + - name: JAVA_OPTS_APPEND + value: >- + -XX:+UseContainerSupport + -XX:MaxRAMPercentage=50.0 + -Djava.awt.headless=true + -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless - name: PROXY_ADDRESS_FORWARDING value: "true" -extraVolumeMounts: | - - name: db-creds - mountPath: /secrets/db-creds - readOnly: true +dbchecker: + enabled: true -extraVolumes: | - - name: db-creds - secret: - secretName: keycloak-db-postgresql +database: + vendor: postgres + hostname: keycloak-db-postgresql + port: 5432 + username: dbusername + password: dbpassword + database: keycloak secrets: admin-creds: - annotations: - my-test-annotation: Test secret for {{ include "keycloak.fullname" . }} stringData: user: admin - password: secret
\ No newline at end of file + password: secret diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index b38a7f1105..810350bfa6 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -45,6 +45,9 @@ - containerPort: {{ default $port.plain_port $port.internal_plain_port }} name: {{ $port.name }}-plain {{- end }} +{{- if $port.l4_protocol }} + protocol: {{ $port.l4_protocol }} +{{- end }} {{- end }} {{- end -}} diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl index 45d903e574..d21d8c740d 100644 --- a/kubernetes/common/common/templates/_postgres.tpl +++ b/kubernetes/common/common/templates/_postgres.tpl @@ -63,3 +63,90 @@ {{- define "common.postgres.secret.primaryPasswordSecretName" -}} {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }} {{- end -}} + +{{/* + Create postgres cluster via postgres crunchydata-operator +*/}} +{{- define "common.postgresOpInstance" -}} +{{- $dot := default . .dot -}} +{{- $global := $dot.Values.global -}} +{{- $dbinst := include "common.name" $dot -}} +--- +apiVersion: postgres-operator.crunchydata.com/v1beta1 +kind: PostgresCluster +metadata: + name: {{ $dbinst }} + labels: + app: {{ $dbinst }} + version: "5.5" +spec: + metadata: + labels: + app: {{ $dbinst }} + version: "5.5" + {{- if .Values.postgresOperator.imagePostgres }} + image: {{ .Values.postgresOperator.imagePostgres | quote }} + {{- end }} + imagePullSecrets: + - name: {{ include "common.namespace" . }}-docker-registry-key + postgresVersion: {{ $dot.Values.postgresOperator.postgresVersion }} + instances: + - name: {{ default "instance1" .Values.postgresOperator.instanceName | quote }} + replicas: {{ default 2 .Values.postgresOperator.instanceReplicas }} + dataVolumeClaimSpec: + {{- if .Values.instanceStorageClassName }} + storageClassName: {{ .Values.postgresOperator.instanceStorageClassName | quote }} + {{- end }} + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: {{ default "1Gi" .Values.postgresOperator.instanceSize | quote }} + {{- if or .Values.instanceMemory .Values.postgresOperator.instanceCPU }} + resources: + limits: + cpu: {{ default "" .Values.postgresOperator.instanceCPU | quote }} + memory: {{ default "" .Values.postgresOperator.instanceMemory | quote }} + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + postgres-operator.crunchydata.com/cluster: {{ $dbinst }} + postgres-operator.crunchydata.com/instance-set: {{ default "instance1" .Values.postgresOperator.instanceName | quote }} + proxy: + pgBouncer: + metadata: + labels: + app: {{ $dbinst }} + version: "5.5" + {{- if .Values.postgresOperator.imagePgBouncer }} + image: {{ .Values.postgresOperator.imagePgBouncer | quote }} + {{- end }} + replicas: {{ default 2 .Values.postgresOperator.bouncerReplicas }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + postgres-operator.crunchydata.com/cluster: {{ $dbinst }} + postgres-operator.crunchydata.com/role: pgbouncer + {{- if .Values.postgresOperator.monitoring }} + monitoring: + pgmonitor: + exporter: + image: {{ default "" .Values.postgresOperator.imageExporter | quote }} + {{- if .Values.postgresOperator.monitoringConfig }} +{{ toYaml .Values.monitoringConfig | indent 8 }} + {{- end }} + {{- end }} + users: + - name: postgres +{{- end -}} diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml index 59008d37bb..81f566f9e1 100644 --- a/kubernetes/common/postgres-init/Chart.yaml +++ b/kubernetes/common/postgres-init/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v2 description: Chart for Postgres init job name: postgres-init -version: 13.0.0 +version: 13.0.1 dependencies: @@ -26,6 +26,9 @@ dependencies: - name: repositoryGenerator version: ~13.x-0 repository: 'file://../repositoryGenerator' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' - name: serviceAccount version: ~13.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 09c21fe9e5..7fa2e9f4e8 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -33,21 +33,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - {{ .Values.global.postgres.container.name }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - command: - sh diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml index 1b9e72b8d7..5a9f445afb 100644 --- a/kubernetes/common/postgres-init/values.yaml +++ b/kubernetes/common/postgres-init/values.yaml @@ -96,6 +96,10 @@ serviceAccount: roles: - read +readinessCheck: + wait_for: + - '{{ .Values.global.postgres.container.name }}' + wait_for_job_container: containers: - '{{ include "common.name" . }}-update-config'
\ No newline at end of file diff --git a/kubernetes/common/postgres/Chart.yaml b/kubernetes/common/postgres/Chart.yaml index e81fc3f8a3..3920d8e73d 100644 --- a/kubernetes/common/postgres/Chart.yaml +++ b/kubernetes/common/postgres/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP Postgres Server name: postgres -version: 13.0.0 +version: 13.1.0 dependencies: - name: common diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index e8bfd1194a..ff4f976bf0 100644 --- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -14,6 +14,7 @@ # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} apiVersion: v1 kind: ConfigMap metadata: @@ -26,4 +27,4 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} - +{{- end }} diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml index c8a000142e..535eefa8cf 100644 --- a/kubernetes/common/postgres/templates/deployment-primary.yaml +++ b/kubernetes/common/postgres/templates/deployment-primary.yaml @@ -13,4 +13,6 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml index dc19c2d985..97c7e11053 100644 --- a/kubernetes/common/postgres/templates/deployment-replica.yaml +++ b/kubernetes/common/postgres/templates/deployment-replica.yaml @@ -13,4 +13,6 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml index 790dd4757b..00a5182eb1 100644 --- a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml +++ b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml @@ -14,6 +14,7 @@ # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{- if default false .Values.metrics.enabled }} apiVersion: v1 kind: Service @@ -33,4 +34,5 @@ spec: selector: name: {{ .Values.container.name.primary }} release: {{ include "common.release" . }} +{{- end }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml index 5aa8d76185..b8b9e793e8 100644 --- a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml +++ b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml @@ -14,6 +14,7 @@ # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{- if default false .Values.metrics.enabled }} apiVersion: v1 kind: Service @@ -33,4 +34,5 @@ spec: selector: name: {{ .Values.container.name.replica }} release: {{ include "common.release" . }} +{{- end }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/postgres.yaml b/kubernetes/common/postgres/templates/postgres.yaml new file mode 100644 index 0000000000..aca6aa260f --- /dev/null +++ b/kubernetes/common/postgres/templates/postgres.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2023 Deutsche Telekom AG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.postgres.useOperator }} +{{ include "common.postgresOpInstance" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/pv-primary.yaml b/kubernetes/common/postgres/templates/pv-primary.yaml index e1ff1f9f4e..8db79d665e 100644 --- a/kubernetes/common/postgres/templates/pv-primary.yaml +++ b/kubernetes/common/postgres/templates/pv-primary.yaml @@ -13,6 +13,7 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} {{- if include "common.needPV" . -}} kind: PersistentVolume @@ -37,3 +38,4 @@ spec: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/primary {{- end -}} {{- end -}} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/pv-replica.yaml b/kubernetes/common/postgres/templates/pv-replica.yaml index d553c36680..af46f611c8 100644 --- a/kubernetes/common/postgres/templates/pv-replica.yaml +++ b/kubernetes/common/postgres/templates/pv-replica.yaml @@ -13,6 +13,7 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} {{- if include "common.needPV" . -}} kind: PersistentVolume @@ -35,5 +36,6 @@ spec: persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} hostPath: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/replica -{{- end -}} -{{- end -}} +{{- end }} +{{- end }} +{{- end }} diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml index a47d3ed56e..6aaa52913e 100644 --- a/kubernetes/common/postgres/templates/pvc-primary.yaml +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -14,6 +14,7 @@ # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 @@ -41,4 +42,5 @@ spec: {{- else }} storageClassName: {{ include "common.storageClass" . }} {{- end }} -{{- end -}} +{{- end }} +{{- end }} diff --git a/kubernetes/common/postgres/templates/pvc-replica.yaml b/kubernetes/common/postgres/templates/pvc-replica.yaml index 1e453fbcfd..f59adf736a 100644 --- a/kubernetes/common/postgres/templates/pvc-replica.yaml +++ b/kubernetes/common/postgres/templates/pvc-replica.yaml @@ -14,6 +14,7 @@ # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 @@ -41,4 +42,5 @@ spec: {{- else }} storageClassName: {{ include "common.storageClass" . }} {{- end }} -{{- end -}} +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/service-common.yaml b/kubernetes/common/postgres/templates/service-common.yaml index 6e74a06616..6ec83dc0f4 100644 --- a/kubernetes/common/postgres/templates/service-common.yaml +++ b/kubernetes/common/postgres/templates/service-common.yaml @@ -13,6 +13,7 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} apiVersion: v1 kind: Service metadata: @@ -39,3 +40,4 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} +{{- end }} diff --git a/kubernetes/common/postgres/templates/service-primary.yaml b/kubernetes/common/postgres/templates/service-primary.yaml index 2965b7df81..bc60d27f44 100644 --- a/kubernetes/common/postgres/templates/service-primary.yaml +++ b/kubernetes/common/postgres/templates/service-primary.yaml @@ -13,6 +13,7 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} apiVersion: v1 kind: Service metadata: @@ -39,3 +40,4 @@ spec: selector: name: "{{.Values.container.name.primary}}" release: {{ include "common.release" . }} +{{- end }} diff --git a/kubernetes/common/postgres/templates/service-replica.yaml b/kubernetes/common/postgres/templates/service-replica.yaml index d92a0833af..68694561bd 100644 --- a/kubernetes/common/postgres/templates/service-replica.yaml +++ b/kubernetes/common/postgres/templates/service-replica.yaml @@ -13,6 +13,7 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} +{{- if not .Values.global.postgres.useOperator }} apiVersion: v1 kind: Service metadata: @@ -39,3 +40,4 @@ spec: selector: name: "{{.Values.container.name.replica}}" release: {{ include "common.release" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/templates/servicemonitor.yaml b/kubernetes/common/postgres/templates/servicemonitor.yaml index 73faba61d0..522e515545 100644 --- a/kubernetes/common/postgres/templates/servicemonitor.yaml +++ b/kubernetes/common/postgres/templates/servicemonitor.yaml @@ -13,7 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - +{{- if not .Values.global.postgres.useOperator }} {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} {{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 51b77593aa..977e7d5c3b 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -19,6 +19,9 @@ global: nodePortPrefix: 302 persistence: {} + postgres: + # flag to enable the DB creation via mariadb-operator + useOperator: false ################################################################# # Secrets metaconfig @@ -39,6 +42,27 @@ secrets: password: '{{ .Values.config.pgPrimaryPassword }}' ################################################################# +# Postgres Operator configuration defaults. +# Example: https://github.com/CrunchyData/postgres-operator-examples/tree/main/helm/postgres +################################################################# +postgresOperator: + postgresVersion: 16 + # Possibility to override images + #imagePostgres: + #imagePgBouncer: + #imageExporter: + #imagePgBackRest: + instanceName: instance1 + instanceReplicas: 2 + #instanceStorageClassName: + instanceSize: 1Gi + #instanceCPU: + #instanceMemory: + bouncerReplicas: 2 + monitoring: true + #monitoringConfig: {} + +################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml index 081ff3c6ab..cd6893ea08 100644 --- a/kubernetes/dcaegen2-services/Chart.yaml +++ b/kubernetes/dcaegen2-services/Chart.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2020 J. F. Lucas. All rights reserved. +# Copyright (c) 2020, 2024 J. F. Lucas. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation # Modifications Copyright © 2024 Deutsche Telekom Intellectual Property. @@ -22,7 +22,7 @@ apiVersion: v2 appVersion: "NewDelhi" description: DCAE Microservices name: dcaegen2-services -version: 13.0.1 +version: 13.0.2 dependencies: - name: common diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml index dade6c34fb..5f2eb49546 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml @@ -3,6 +3,7 @@ # Copyright (c) 2021 AT&T Intellectual Property # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Copyright (c) 2024 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,10 +19,10 @@ # ================================= LICENSE_END ============================== apiVersion: v2 -appVersion: "Kohn" +appVersion: "NewDelhi" description: DCAE SNMPTrap Collector name: dcae-snmptrap-collector -version: 13.0.0 +version: 13.0.1 dependencies: - name: common diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 01d4316d46..ab768efe6a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -35,7 +35,7 @@ filebeatConfig: # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.7 +image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.8 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -80,7 +80,7 @@ applicationConfig: dns_cache_ttl_seconds: 60 services_calls: {} snmptrapd: - version: '2.0.4' + version: '2.0.8' title: ONAP SNMP Trap Receiver sw_interval_in_seconds: 60 streams_publishes: @@ -88,8 +88,8 @@ applicationConfig: dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP type: message_router - aaf_password: null - aaf_username: null + aaf_password: "" + aaf_username: "" files: runtime_base_dir: "/opt/app/snmptrap" log_dir: logs diff --git a/kubernetes/platform/Chart.yaml b/kubernetes/platform/Chart.yaml index 19acda10fd..aec56cf9a1 100644 --- a/kubernetes/platform/Chart.yaml +++ b/kubernetes/platform/Chart.yaml @@ -19,7 +19,7 @@ apiVersion: v2 description: ONAP platform components name: platform -version: 13.0.0 +version: 13.0.1 dependencies: - name: oom-cert-service diff --git a/kubernetes/platform/components/keycloak-init/Chart.yaml b/kubernetes/platform/components/keycloak-init/Chart.yaml index b7bde042b2..44ac9f5213 100644 --- a/kubernetes/platform/components/keycloak-init/Chart.yaml +++ b/kubernetes/platform/components/keycloak-init/Chart.yaml @@ -16,7 +16,7 @@ # limitations under the License. # ============LICENSE_END========================================================= apiVersion: v2 -version: 13.0.0 +version: 13.0.1 description: ONAP Realm creation and configuration name: keycloak-init sources: @@ -31,5 +31,5 @@ dependencies: version: ~13.x-0 repository: '@local' - name: onap-keycloak-config-cli - version: 5.6.1 + version: 5.10.0 repository: 'file://components/keycloak-config-cli' diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml index e4c4619d2a..abcf889834 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml +++ b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml @@ -20,8 +20,8 @@ apiVersion: v2 name: onap-keycloak-config-cli description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak. home: https://github.com/adorsys/keycloak-config-cli -version: 5.6.1 -appVersion: 5.6.1 +version: 5.10.0 +appVersion: 5.10.0 maintainers: - name: jkroepke email: joe@adorsys.de diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml index 14870e6542..46c67dd220 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml +++ b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml @@ -23,7 +23,7 @@ nameOverride: "" image: repository: adorsys/keycloak-config-cli - tag: "{{ .Chart.AppVersion }}-19.0.3" + tag: "{{ .Chart.AppVersion }}-22.0.4" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/kubernetes/platform/components/keycloak-init/templates/ingress.yaml b/kubernetes/platform/components/keycloak-init/templates/ingress.yaml deleted file mode 100644 index 6ca7ceccd3..0000000000 --- a/kubernetes/platform/components/keycloak-init/templates/ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2022 Deutsche Telekom -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/platform/components/keycloak-init/values.yaml b/kubernetes/platform/components/keycloak-init/values.yaml index 9fbaedcf67..a33ef2c932 100644 --- a/kubernetes/platform/components/keycloak-init/values.yaml +++ b/kubernetes/platform/components/keycloak-init/values.yaml @@ -23,26 +23,18 @@ KEYCLOAK_URL: &kc-url "https://keycloak-ui.simpledemo.onap.org/auth/" PORTAL_URL: "https://portal-ui.simpledemo.onap.org" onap-keycloak-config-cli: + image: + pullSecrets: + - name: onap-docker-registry-key #existingSecret: "keycloak-keycloakx-admin-creds" env: - KEYCLOAK_URL: http://keycloak-http.keycloak.svc.cluster.local/auth/ + KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/ KEYCLOAK_SSLVERIFY: "false" KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true" secrets: KEYCLOAK_PASSWORD: secret existingConfigSecret: "keycloak-config-cli-config-realms" -ingress: - service: - - baseaddr: "keycloak-ui" - name: "keycloak-http.keycloak.svc.cluster.local" - path: "/auth" - port: 80 - # If `true`, an Ingress is created - enabled: false - config: - ssl: "redirect" - serviceAccount: nameOverride: keycloak-init roles: |