aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/cds/Chart.yaml3
-rw-r--r--kubernetes/cds/values.yaml134
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml2
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml2
-rwxr-xr-xkubernetes/policy/Chart.yaml4
-rwxr-xr-xkubernetes/policy/values.yaml28
6 files changed, 44 insertions, 129 deletions
diff --git a/kubernetes/cds/Chart.yaml b/kubernetes/cds/Chart.yaml
index ede21d2edb..d8b6cc7de0 100644
--- a/kubernetes/cds/Chart.yaml
+++ b/kubernetes/cds/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP Controller Design Studio (CDS)
name: cds
-version: 13.0.0
+version: 13.0.2
dependencies:
- name: common
@@ -26,6 +26,7 @@ dependencies:
- name: mariadb-galera
version: ~13.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: cds-blueprints-processor
version: ~13.x-0
repository: 'file://components/cds-blueprints-processor'
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 199c438863..ae3137c4dc 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -23,6 +23,20 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ #This flag allows NBI to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
+ localCluster: true
+ globalCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+
#################################################################
# Secrets metaconfig
@@ -87,126 +101,6 @@ mariadb-galera:
serviceAccount:
nameOverride: *dbServer
- mariadbConfiguration: |-
- [client]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- plugin_dir=/opt/bitnami/mariadb/plugin
-
- [mysqld]
- lower_case_table_names = 1
- default_storage_engine=InnoDB
- basedir=/opt/bitnami/mariadb
- datadir=/bitnami/mariadb/data
- plugin_dir=/opt/bitnami/mariadb/plugin
- tmpdir=/opt/bitnami/mariadb/tmp
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
- bind_address=0.0.0.0
-
- ## Character set
- collation_server=utf8_unicode_ci
- init_connect='SET NAMES utf8'
- character_set_server=utf8
-
- ## MyISAM
- key_buffer_size=32M
- myisam_recover_options=FORCE,BACKUP
-
- ## Safety
- skip_host_cache
- skip_name_resolve
- max_allowed_packet=16M
- max_connect_errors=1000000
- sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
- sysdate_is_now=1
-
- ## Binary Logging
- log_bin=mysql-bin
- expire_logs_days=14
- # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
- sync_binlog=0
- # Required for Galera
- binlog_format=row
-
- ## Caches and Limits
- tmp_table_size=32M
- max_heap_table_size=32M
- # Re-enabling as now works with Maria 10.1.2
- query_cache_type=1
- query_cache_limit=4M
- query_cache_size=256M
- max_connections=500
- thread_cache_size=50
- open_files_limit=65535
- table_definition_cache=4096
- table_open_cache=4096
-
- ## InnoDB
- innodb=FORCE
- innodb_strict_mode=1
- # Mandatory per https://github.com/codership/documentation/issues/25
- innodb_autoinc_lock_mode=2
- # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
- innodb_doublewrite=1
- innodb_flush_method=O_DIRECT
- innodb_log_files_in_group=2
- innodb_log_file_size=128M
- innodb_flush_log_at_trx_commit=1
- innodb_file_per_table=1
- # 80% Memory is default reco.
- # Need to re-evaluate when DB size grows
- innodb_buffer_pool_size=2G
- innodb_file_format=Barracuda
-
- ## Logging
- log_error=/opt/bitnami/mariadb/logs/mysqld.log
- slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
- log_queries_not_using_indexes=1
- slow_query_log=1
-
- ## SSL
- ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
- # ssl_ca=/certs/ca.pem
- # ssl_cert=/certs/server-cert.pem
- # ssl_key=/certs/server-key.pem
-
- [galera]
- wsrep_on=ON
- wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
- wsrep_sst_method=mariabackup
- wsrep_slave_threads=4
- wsrep_cluster_address=gcomm://
- wsrep_cluster_name=galera
- wsrep_sst_auth="root:"
- # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
- innodb_flush_log_at_trx_commit=2
- # MYISAM REPLICATION SUPPORT #
- wsrep_replicate_myisam=ON
-
- [mariadb]
- plugin_load_add=auth_pam
-
- ## Data-at-Rest Encryption
- ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
- # plugin_load_add=file_key_management
- # file_key_management_filename=/encryption/keyfile.enc
- # file_key_management_filekey=FILE:/encryption/keyfile.key
- # file_key_management_encryption_algorithm=AES_CTR
- # encrypt_binlog=ON
- # encrypt_tmp_files=ON
-
- ## InnoDB/XtraDB Encryption
- # innodb_encrypt_tables=ON
- # innodb_encrypt_temporary_tables=ON
- # innodb_encrypt_log=ON
- # innodb_encryption_threads=4
- # innodb_encryption_rotate_key_age=1
-
- ## Aria Encryption
- # aria_encrypt_tables=ON
- # encrypt_tmp_disk_tables=ON
-
cds-blueprints-processor:
enabled: true
config:
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index 72da92fd86..81b81341e5 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -38,7 +38,7 @@ spring:
security:
# comma-separated uri patterns which do not require authorization
- permit-uri: /actuator/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ permit-uri: /actuator/**,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs/**
auth:
username: ${CPS_USERNAME}
password: ${CPS_PASSWORD}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
index 3c9261191b..2b68b6c04f 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
@@ -37,7 +37,7 @@ sdnc:
security:
# comma-separated uri patterns which do not require authorization
- permit-uri: /actuator/**,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
+ permit-uri: /actuator/**,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs
auth:
username: ${DMI_PLUGIN_USERNAME}
password: ${DMI_PLUGIN_PASSWORD}
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 3544a8ac50..19b7a1979b 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP Policy
name: policy
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
@@ -27,7 +27,7 @@ dependencies:
- name: mariadb-galera
version: ~13.x-0
repository: '@local'
- condition: global.mariadb.localCluster
+ condition: global.mariadbGalera.localCluster
- name: policy-nexus
version: ~13.x-0
repository: 'file://components/policy-nexus'
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 47ced8afd8..5628ade48a 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -18,7 +18,12 @@
# Global configuration defaults.
#################################################################
global:
- mariadb:
+ mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
localCluster: true
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
@@ -27,6 +32,9 @@ global:
service: &mariadbService
name: &policy-mariadb policy-mariadb
internalPort: 3306
+ nameOverride: *policy-mariadb
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
prometheusEnabled: false
postgres:
localCluster: false
@@ -53,7 +61,19 @@ secrets:
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
policy: generate
- uid: db-secret
@@ -210,7 +230,7 @@ config:
someConfig: blah
mariadb-galera:
- # mariadb-galera.config and global.mariadb.config must be equals
+ # mariadb-galera.config and global.mariadbGalera.config must be equals
db:
user: policy-user
# password:
@@ -219,7 +239,7 @@ mariadb-galera:
rootUser:
externalSecret: *dbRootPassSecretName
nameOverride: *policy-mariadb
- # mariadb-galera.service and global.mariadb.service must be equals
+ # mariadb-galera.service and global.mariadbGalera.service must be equals
service: *mariadbService
replicaCount: 1
mariadbOperator: