diff options
Diffstat (limited to 'kubernetes/aaf/charts')
45 files changed, 1549 insertions, 178 deletions
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml index 39544258fd..f78dfdc541 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -31,20 +31,27 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/cm"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_cm","sleep","0","cd /opt/app/aaf;bin/cm"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 9ddb366064..6bd03cf6bd 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -25,7 +25,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_cm:2.1.2-SNAPSHOT +image: onap/aaf/aaf_cm:2.1.7-SNAPSHOT +aaf_register_as: "aaf-cm.onap" pullPolicy: Always @@ -76,4 +77,4 @@ resources: requests: cpu: 40m memory: 600Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml index e0d500c420..3abdcb3c7f 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml @@ -63,8 +63,8 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - exec: - command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","wait"] + tcpSocket: + port: {{ .Values.service.internalPort3 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: @@ -89,4 +89,4 @@ spec: emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml index a914b542f4..a81bfed3ef 100644 --- a/kubernetes/aaf/charts/aaf-cs/values.yaml +++ b/kubernetes/aaf/charts/aaf-cs/values.yaml @@ -24,7 +24,7 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_cass:2.1.2-SNAPSHOT +image: onap/aaf/aaf_cass:2.1.7-SNAPSHOT pullPolicy: Always # application configuration @@ -94,4 +94,4 @@ persistence: volumeReclaimPolicy: Retain accessMode: ReadWriteOnce size: 10Gi - storageClass: "manual"
\ No newline at end of file + storageClass: "manual" diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml index 5125eb161e..b93844849e 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -31,20 +31,27 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/fs"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_fs","sleep","0","cd /opt/app/aaf;bin/fs"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml index 0f0d7c47e7..07e832b48f 100644 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ b/kubernetes/aaf/charts/aaf-fs/values.yaml @@ -25,7 +25,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_fs:2.1.2-SNAPSHOT +image: onap/aaf/aaf_fs:2.1.7-SNAPSHOT +aaf_register_as: "aaf-fs.onap" pullPolicy: Always @@ -76,4 +77,4 @@ resources: requests: cpu: 100m memory: 400Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml index 24c8e68cec..9dd87948eb 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -31,20 +31,27 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/gui"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_gui","sleep","0","cd /opt/app/aaf;bin/gui"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index d44ac5ed46..dd8162b660 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -1,3 +1,4 @@ + # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,7 +26,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_gui:2.1.2-SNAPSHOT +image: onap/aaf/aaf_gui:2.1.7-SNAPSHOT +aaf_register_as: "aaf-gui.onap" pullPolicy: Always @@ -77,4 +79,4 @@ resources: requests: cpu: 100m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml index f932228cd9..c57e57f017 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -31,20 +31,27 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/hello"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_hello","sleep","0","cd /opt/app/aaf;bin/hello"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml index 9f694be8b8..fb5914d51b 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -25,7 +25,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_hello:2.1.2-SNAPSHOT +image: onap/aaf/aaf_hello:2.1.7-SNAPSHOT +aaf_register_as: "aaf-hello.onap" pullPolicy: Always @@ -76,4 +77,4 @@ resources: requests: cpu: 20m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index a3a9e285cf..a2f9f55c56 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -31,20 +31,27 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/locate"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_locate","sleep","0","cd /opt/app/aaf;bin/locate"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index ba1e56373c..e65d6e3381 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -25,7 +25,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_locate:2.1.2-SNAPSHOT +image: onap/aaf/aaf_locate:2.1.7-SNAPSHOT +aaf_register_as: "aaf-locate.onap" pullPolicy: Always @@ -76,4 +77,4 @@ resources: requests: cpu: 40m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml index 06cf2736ef..f7a34f440c 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -31,23 +31,30 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - - /root/ready.py + - /root/ready.py args: - --container-name - aaf-locate @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/oauth"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_oauth","sleep","0","cd /opt/app/aaf;bin/oauth"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml index e52075a447..99de329a29 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -25,7 +25,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_oauth:2.1.2-SNAPSHOT +image: onap/aaf/aaf_oauth:2.1.7-SNAPSHOT +aaf_register_as: "aaf-oauth.onap" pullPolicy: Always @@ -76,4 +77,4 @@ resources: requests: cpu: 40m memory: 200Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml index c3c140a35d..92d23126f4 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -31,20 +31,27 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - --job-name - - {{ .Release.Name }}-create-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cadi.cass_host }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.cadi.cadi_locator_as }}" - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -61,12 +68,12 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} containers: - name: {{ include "common.name" . }} - command: ["/bin/bash","/opt/app/aaf/bin/service"] + command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_service","sleep","0","cd /opt/app/aaf;bin/service"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: shared-config-volume + name: {{ include "common.name" . }}-config-vol - mountPath: /etc/localtime name: localtime readOnly: true @@ -96,12 +103,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: shared-config-volume - {{- if .Values.global.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Release.Name }}-config - {{- else }} + - name: {{ include "common.name" . }}-config-vol emptyDir: {} - {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml index 7ec6364f3c..a3f154519b 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -25,7 +25,8 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_service:2.1.2-SNAPSHOT +image: onap/aaf/aaf_service:2.1.7-SNAPSHOT +aaf_register_as: "aaf-service.onap" pullPolicy: Always @@ -77,4 +78,4 @@ resources: requests: cpu: 40m memory: 300Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml index d6ac1cb881..7cd5938a62 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/smsquorumclient:latest +image: onap/aaf/smsquorumclient:3.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -72,4 +72,4 @@ resources: requests: cpu: 10m memory: 100Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json new file mode 100644 index 0000000000..4f48771275 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json @@ -0,0 +1,44 @@ +{ + "domain": { + "name": "has", + "secrets": [ + { + "name": "aai", + "values": { + "username": "oof@oof.onap.org", + "password": "demo123456!" + } + }, + { + "name": "conductor_api", + "values": { + "username": "admin1", + "password": "plan.15" + } + }, + { + "name": "sdnc", + "values": { + "username": "admin", + "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" + } + }, + { + "name": "music_api", + "values": { + "aafuser": "conductor", + "aafpass": "c0nduct0r", + "aafns": "conductor" + } + }, + { + "name": "aaf_api", + "values": { + "username": "aaf_admin@people.osaaf.org", + "password": "demo123456!", + "aaf_conductor_user": "oof@oof.onap.org" + } + } + ] + } +} diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json new file mode 100644 index 0000000000..0950957b11 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json @@ -0,0 +1,98 @@ +{ + "domain": { + "name": "osdf", + "secrets": [ + { + "name": "so", + "values": { + "UserName": "", + "Password": "" + } + }, + { + "name": "conductor", + "values": { + "UserName": "admin1", + "Password": "plan.15" + } + }, + { + "name": "policyPlatform", + "values": { + "UserName": "testpdp", + "Password": "alpha123" + } + }, + { + "name": "policyClient", + "values": { + "UserName": "python", + "Password": "test" + } + }, + { + "name": "dmaap", + "values": { + "UserName": "NA", + "Password": "NA" + } + }, + { + "name": "sdc", + "values": { + "UserName": "NA", + "Password": "NA" + } + }, + { + "name": "osdfPlacement", + "values": { + "UserName": "test", + "Password": "testpwd" + } + }, + { + "name": "osdfPlacementSO", + "values": { + "UserName": "so_test", + "Password": "so_testpwd" + } + }, + { + "name": "osdfPlacementVFC", + "values": { + "UserName": "vfc_test", + "Password": "vfc_testpwd" + } + }, + { + "name": "osdfCMScheduler", + "values": { + "UserName": "test1", + "Password": "testpwd1" + } + }, + { + "name": "configDb", + "values": { + "UserName": "osdf", + "Password": "passwd" + } + }, + { + "name": "pciHMS", + "values": { + "UserName": "", + "Password": "" + } + }, + { + "name": "osdfPCIOpt", + "values": { + "UserName": "pci_test", + "Password": "pci_testpwd" + } + } + ] + } +}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml index 72ce6fbadb..b513d992ef 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2018 Intel Corporation, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap @@ -25,3 +27,16 @@ metadata: data: smsconfig.json: | {{ .Values.config | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-preload + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-preload + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml new file mode 100644 index 0000000000..2cee8d5e90 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml @@ -0,0 +1,92 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-preload + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - "aaf-sms" + - --container-name + - "aaf-sms-quorumclient" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ include "common.name" . }}-preload + command: + - "/sms/bin/preload" + - "-cacert" + - "/sms/certs/aaf_root_ca.cer" + - "-jsondir" + - "/preload/config" + - "-serviceport" + - "{{ .Values.service.internalPort }}" + - "-serviceurl" + - "https://aaf-sms.{{ include "common.namespace" . }}" + workingDir: /sms + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /preload/config + name: {{ include "common.name" . }}-preload + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }}-preload + configMap: + name: {{ include "common.fullname" . }}-preload + restartPolicy: OnFailure + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index 7a25581908..8e7ea29300 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -28,7 +28,7 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/sms:latest +image: onap/aaf/sms:3.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -100,4 +100,4 @@ resources: requests: cpu: 10m memory: 100Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml new file mode 100644 index 0000000000..78b10c5764 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Hardware Security Components +name: aaf-sshsm +version: 3.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/README.md b/kubernetes/aaf/charts/aaf-sshsm/README.md new file mode 100644 index 0000000000..a6f2e62cb9 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/README.md @@ -0,0 +1,24 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Helm Chart for ONAP Hardware Security Components + +This includes the following Kubernetes services: + +1. dist-center - A service that is used to create and distribute private keys +2. abrmd - A service that manages access to the TPM device + +# Service Dependencies + +All services depend on AAF
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml new file mode 100644 index 0000000000..9e8b16af04 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Resource Manager +name: aaf-sshsm-abrmd +version: 3.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml new file mode 100644 index 0000000000..61aa095e3b --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml new file mode 100644 index 0000000000..8b2e0b8162 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -0,0 +1,87 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-init + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 2 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ .Release.Name }} + spec: + restartPolicy: Never + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/abrmd/bin/initialize_tpm.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + env: + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ABRMD_DATA + value: /abrmd/data + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /abrmd/data + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + mountPath: "/abrmd/cred/" + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-sshsm-data + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + secret: + secretName: {{ .Release.Name }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml new file mode 100644 index 0000000000..a3a2004216 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml @@ -0,0 +1,93 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.fullname" . }}-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/abrmd/bin/run_abrmd.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml new file mode 100644 index 0000000000..bf64c6d120 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml @@ -0,0 +1,60 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/abrmd:3.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +# TPM specific node selection is done at parent chart aaf-sshsm +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml new file mode 100644 index 0000000000..3bb88466ef --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Distribution Center +name: aaf-sshsm-distcenter +version: 3.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml new file mode 100644 index 0000000000..ea0ea6062d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml new file mode 100644 index 0000000000..69a9956611 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -0,0 +1,105 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + restartPolicy: Never + initContainers: +{{- if .Values.global.tpm.enabled }} + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /root/job_complete.py + args: + - -j + - "{{ .Release.Name }}-aaf-sshsm-abrmd-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +{{ else }} + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-gen-passphrase + command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/entrypoint.sh"] + workingDir: /distcenter + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-sshsm-data + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml new file mode 100644 index 0000000000..fa5fd16c7f --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml new file mode 100644 index 0000000000..6497639a77 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml @@ -0,0 +1,51 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }} + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml new file mode 100644 index 0000000000..3993cfc281 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml @@ -0,0 +1,69 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/distcenter:3.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sshsm/distcenter/data + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml new file mode 100644 index 0000000000..3855b04f2c --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Test CA Service +name: aaf-sshsm-testca +version: 3.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml new file mode 100644 index 0000000000..304f974d9d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -0,0 +1,130 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.testca.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + restartPolicy: Never + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-distcenter-ready + command: + - /root/job_complete.py + args: + - -j + - "{{ .Release.Name }}-aaf-sshsm-distcenter" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +{{- if .Values.global.tpm.enabled }} + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-abrmd-ready + command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] + workingDir: /testca/bin + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["./import.sh"] + workingDir: /testca/bin + env: +{{- if .Values.global.tpm.enabled }} + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DATA_FOLDER + value: /testca/data/host_$(TPM_NODE_NAME) +{{ else }} + - name: DATA_FOLDER + value: /testca/data +{{- end }} + - name: SECRETS_FOLDER + value: /testca/secrets + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /testca/data + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-secrets + mountPath: /testca/secrets + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-sshsm-data + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ .Release.Name }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ .Release.Name }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml new file mode 100644 index 0000000000..3fd53d28cb --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml @@ -0,0 +1,61 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +enabled: true + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/testcaservice:3.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml b/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml new file mode 100644 index 0000000000..3192c43776 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~3.0.0 + repository: '@local' diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd new file mode 100644 index 0000000000..640b325898 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd @@ -0,0 +1 @@ +cHJpbWFyeXBhc3N3b3JkCg== diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle new file mode 100644 index 0000000000..b8b9d8ddb0 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle @@ -0,0 +1 @@ +MHg4MTAwMDAyMwo= diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml new file mode 100644 index 0000000000..b4d283f1c7 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml @@ -0,0 +1,57 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-data +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.dataMountSubPath }} +--- +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-dbus + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-dbus +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.dbusMountSubPath }} +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml new file mode 100644 index 0000000000..c50a0bc587 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml @@ -0,0 +1,79 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-data + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-dbus + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }}-dbus + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml new file mode 100644 index 0000000000..50b6f36cd3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml @@ -0,0 +1,22 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ (.Files.Glob "resources/config/*").AsSecrets | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml new file mode 100644 index 0000000000..d06884652d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sshsm/values.yaml @@ -0,0 +1,65 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + ubuntuInitRepository: oomk8s + ubuntuInitImage: ubuntu-init:1.0.0 + tpm: + enabled: false + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" + abrmd: + enabled: true + distcenter: + enabled: true + testca: + enabled: true + persistence: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + dataMountSubPath: sshsm/data + dbusMountSubPath: sshsm/dbus + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {}
\ No newline at end of file |