-rw-r--r-- | kubernetes/cds/Chart.yaml | 3 | ||||
-rw-r--r-- | kubernetes/cds/values.yaml | 134 | ||||
-rw-r--r-- | kubernetes/cps/components/cps-core/resources/config/application-helm.yml | 2 | ||||
-rw-r--r-- | kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml | 2 | ||||
-rwxr-xr-x | kubernetes/policy/Chart.yaml | 4 | ||||
-rwxr-xr-x | kubernetes/policy/values.yaml | 28 |
6 files changed, 44 insertions, 129 deletions
diff --git a/kubernetes/cds/Chart.yaml b/kubernetes/cds/Chart.yaml index ede21d2edb..d8b6cc7de0 100644 --- a/kubernetes/cds/Chart.yaml +++ b/kubernetes/cds/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP Controller Design Studio (CDS) name: cds -version: 13.0.0 +version: 13.0.2 dependencies: - name: common @@ -26,6 +26,7 @@ dependencies: - name: mariadb-galera version: ~13.x-0 repository: '@local' + condition: global.mariadbGalera.localCluster - name: cds-blueprints-processor version: ~13.x-0 repository: 'file://components/cds-blueprints-processor' diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index 199c438863..ae3137c4dc 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -23,6 +23,20 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs + mariadbGalera: &mariadbGalera + # flag to enable the DB creation via mariadb-operator + useOperator: true + #This flag allows NBI to instantiate its own mariadb-galera cluster + #When changing it to "true", also set "globalCluster: false" + #as the dependency check will not work otherwise (Chart.yaml) + localCluster: true + globalCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + # (optional) if localCluster=false and an external secret is used set this variable + #userRootSecret: <secretName> + ################################################################# # Secrets metaconfig 
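Review bot: The comment above `localCluster` in the new `global.mariadbGalera` block names NBI although this is the CDS chart, and it tells the reader what to do "when changing it to true" while the default added here is already `localCluster: true` with `globalCluster: false`. I would reword it as `# Allows CDS to instantiate its own mariadb-galera cluster; keep "globalCluster: false" while this is "true"`. The `&mariadbGalera` anchor is declared here but no alias is visible in this hunk; if nothing else in the file uses it, it can be dropped.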
@@ -87,126 +101,6 @@ mariadb-galera: serviceAccount: nameOverride: *dbServer - mariadbConfiguration: |- - [client] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - plugin_dir=/opt/bitnami/mariadb/plugin - - [mysqld] - lower_case_table_names = 1 - default_storage_engine=InnoDB - basedir=/opt/bitnami/mariadb - datadir=/bitnami/mariadb/data - plugin_dir=/opt/bitnami/mariadb/plugin - tmpdir=/opt/bitnami/mariadb/tmp - socket=/opt/bitnami/mariadb/tmp/mysql.sock - pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid - bind_address=0.0.0.0 - - ## Character set - collation_server=utf8_unicode_ci - init_connect='SET NAMES utf8' - character_set_server=utf8 - - ## MyISAM - key_buffer_size=32M - myisam_recover_options=FORCE,BACKUP - - ## Safety - skip_host_cache - skip_name_resolve - max_allowed_packet=16M - max_connect_errors=1000000 - sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY - sysdate_is_now=1 - - ## Binary Logging - log_bin=mysql-bin - expire_logs_days=14 - # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql - sync_binlog=0 - # Required for Galera - binlog_format=row - - ## Caches and Limits - tmp_table_size=32M - max_heap_table_size=32M - # Re-enabling as now works with Maria 10.1.2 - query_cache_type=1 - query_cache_limit=4M - query_cache_size=256M - max_connections=500 - thread_cache_size=50 - open_files_limit=65535 - table_definition_cache=4096 - table_open_cache=4096 - - ## InnoDB - innodb=FORCE - innodb_strict_mode=1 - # Mandatory per https://github.com/codership/documentation/issues/25 - innodb_autoinc_lock_mode=2 - # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/ - innodb_doublewrite=1 - innodb_flush_method=O_DIRECT - innodb_log_files_in_group=2 - innodb_log_file_size=128M - innodb_flush_log_at_trx_commit=1 - innodb_file_per_table=1 - # 80% Memory is default reco. 
- # Need to re-evaluate when DB size grows - innodb_buffer_pool_size=2G - innodb_file_format=Barracuda - - ## Logging - log_error=/opt/bitnami/mariadb/logs/mysqld.log - slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log - log_queries_not_using_indexes=1 - slow_query_log=1 - - ## SSL - ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem - # ssl_ca=/certs/ca.pem - # ssl_cert=/certs/server-cert.pem - # ssl_key=/certs/server-key.pem - - [galera] - wsrep_on=ON - wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so - wsrep_sst_method=mariabackup - wsrep_slave_threads=4 - wsrep_cluster_address=gcomm:// - wsrep_cluster_name=galera - wsrep_sst_auth="root:" - # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit - innodb_flush_log_at_trx_commit=2 - # MYISAM REPLICATION SUPPORT # - wsrep_replicate_myisam=ON - - [mariadb] - plugin_load_add=auth_pam - - ## Data-at-Rest Encryption - ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem - # plugin_load_add=file_key_management - # file_key_management_filename=/encryption/keyfile.enc - # file_key_management_filekey=FILE:/encryption/keyfile.key - # file_key_management_encryption_algorithm=AES_CTR - # encrypt_binlog=ON - # encrypt_tmp_files=ON - - ## InnoDB/XtraDB Encryption - # innodb_encrypt_tables=ON - # innodb_encrypt_temporary_tables=ON - # innodb_encrypt_log=ON - # innodb_encryption_threads=4 - # innodb_encryption_rotate_key_age=1 - - ## Aria Encryption - # aria_encrypt_tables=ON - # encrypt_tmp_disk_tables=ON - cds-blueprints-processor: enabled: true config: diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index 72da92fd86..81b81341e5 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml 
@@ -38,7 +38,7 @@ spring: security: # comma-separated uri patterns which do not require authorization - permit-uri: /actuator/**,/swagger-ui/**,/swagger-resources/**,/api-docs + permit-uri: /actuator/**,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs/** auth: username: ${CPS_USERNAME} password: ${CPS_PASSWORD} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 3c9261191b..2b68b6c04f 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -37,7 +37,7 @@ sdnc: security: # comma-separated uri patterns which do not require authorization - permit-uri: /actuator/**,/swagger-ui/**,/swagger-resources/**,/v3/api-docs + permit-uri: /actuator/**,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs auth: username: ${DMI_PLUGIN_USERNAME} password: ${DMI_PLUGIN_PASSWORD} diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 3544a8ac50..19b7a1979b 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 13.0.0 +version: 13.0.1 dependencies: - name: common @@ -27,7 +27,7 @@ dependencies: - name: mariadb-galera version: ~13.x-0 repository: '@local' - condition: global.mariadb.localCluster + condition: global.mariadbGalera.localCluster - name: policy-nexus version: ~13.x-0 repository: 'file://components/policy-nexus' diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 47ced8afd8..5628ade48a 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml 
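Review bot: The rewritten `permit-uri` in cps-core keeps `/actuator/**` among the patterns that skip authorization and adds `/api-docs/**` and `/v3/api-docs/**`, so every actuator endpoint the application exposes and the full API description are reachable without credentials; the ncmp-dmi-plugin hunk that follows has the same shape. Which actuator endpoints are enabled is not visible in this hunk, so the real exposure depends on the management settings elsewhere. If only probes and metrics need anonymous access, the entry could be narrowed to something like `/actuator/health/**,/actuator/prometheus`, after confirming what the probes and scrapers actually call. A comment such as `# unauthenticated: keep this list to probes and API docs only` would record the intent.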
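Review bot: The two charts now end their permit lists differently: cps-core allows `/v3/api-docs/**`, while the ncmp-dmi-plugin line allows only the exact path `/v3/api-docs`. If these patterns are matched Ant-style, sub-paths under `/v3/api-docs/` in the DMI plugin would still require credentials while `/swagger-ui/**` does not, which may leave the UI unable to load its documents. Either use `/v3/api-docs/**` here as well or add a comment explaining why the plugin is intentionally narrower.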
@@ -18,7 +18,12 @@ # Global configuration defaults. ################################################################# global: - mariadb: + mariadbGalera: + # flag to enable the DB creation via mariadb-operator + useOperator: true + # if useOperator set to "true", set "enableServiceAccount to "false" + # as the SA is created by the Operator + enableServiceAccount: false localCluster: true # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. @@ -27,6 +32,9 @@ global: service: &mariadbService name: &policy-mariadb policy-mariadb internalPort: 3306 + nameOverride: *policy-mariadb + # (optional) if localCluster=false and an external secret is used set this variable + #userRootSecret: <secretName> prometheusEnabled: false postgres: localCluster: false @@ -53,7 +61,19 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | + ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | + ternary + "" + (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) + ) + ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) | + ternary + .Values.global.mariadbGalera.userRootSecret + (include "common.mariadb.secret.rootPassSecretName" + (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride) + ) + ) }}' password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}' policy: generate - uid: db-secret 
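Review bot: Renaming `global.mariadb` to `global.mariadbGalera` changes a key that sub-charts and templates may read, and this commit updates only the parent `Chart.yaml` and this values file for policy. Any remaining `.Values.global.mariadb.*` lookup outside this diff would no longer find its value, so it is worth searching the policy components before merging; I cannot tell from the hunk whether any exist. Separately, the new comment has an unbalanced quote; I would write `# if useOperator is set to "true", set "enableServiceAccount" to "false"`.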
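Review bot: With `localCluster: false`, the `db-root-password` entry now resolves to `global.mariadbGalera.userRootSecret` or to the root-password secret of the chart named by `nameOverride`, so this release consumes the root credential of a database it does not own. What uses the secret is outside the hunk; if it only creates the policy schema and user, a scoped account would limit the impact of a compromised policy workload on the cluster's other users. Note also that `ternary` evaluates both of its arguments, so the `include "common.mariadb.secret.rootPassSecretName"` call and the `hasSuffix` on `mariadb-galera.rootUser.externalSecret` are rendered in both modes and must not fail when their inputs are unset. A comment above the expression, e.g. `# local cluster: own root secret; shared cluster: userRootSecret, else the shared cluster's root secret`, would make the three-way choice readable.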
@@ -210,7 +230,7 @@ config: someConfig: blah mariadb-galera: - # mariadb-galera.config and global.mariadb.config must be equals + # mariadb-galera.config and global.mariadbGalera.config must be equals db: user: policy-user # password: @@ -219,7 +239,7 @@ mariadb-galera: rootUser: externalSecret: *dbRootPassSecretName nameOverride: *policy-mariadb - # mariadb-galera.service and global.mariadb.service must be equals + # mariadb-galera.service and global.mariadbGalera.service must be equals service: *mariadbService replicaCount: 1 mariadbOperator: |