diff options
Diffstat (limited to 'kubernetes/clamp')
20 files changed, 218 insertions, 151 deletions
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml index 0011c6a6d4..f66312c741 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml @@ -26,16 +26,5 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml index bdae07a261..5e473bc12e 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml @@ -48,17 +48,8 @@ spec: name: {{ include "common.name" . }}-readiness containers: # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -81,17 +72,23 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + - name: logs + mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json env: - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} + - name: SPRING_APPLICATION_JSON + valueFrom: + configMapKeyRef: + name: {{ template "common.fullname" . }} + key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -109,12 +106,8 @@ spec: items: - key: sdc-controllers-config.json path: sdc-controllers-config.json - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index 18888547c3..f354ad14a7 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -23,19 +23,34 @@ global: # global defaults readinessImage: readiness-check:2.0.0 persistence: {} +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.3 +image: onap/clamp-backend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/onap + ################################################################# # Application configuration defaults. ################################################################# + +db: {} + config: log: logstashServiceName: log-ls @@ -43,8 +58,10 @@ config: mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs springApplicationJson: > - { - "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", + { + "spring.datasource.username": "${MYSQL_USER}", + "spring.datasource.password": "${MYSQL_PASSWORD}", + "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", @@ -59,7 +76,7 @@ config: "clamp.config.policy.pap.userName": "healthcheck", "clamp.config.policy.pap.password": "zb!XztG34", "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } + } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index e4deab0e15..1eb20fce89 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml @@ -87,7 +87,7 @@ discovery.zen.minimum_master_nodes: 1 discovery.seed_hosts: [] # # Breaking change in 7.0 # # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes -cluster.initial_master_nodes: +cluster.initial_master_nodes: - cldash-es-node1 # - docker-test-node-1 # ---------------------------------- Various ----------------------------------- @@ -125,4 +125,4 @@ opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 -######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file +######## End OpenDistro for Elasticsearch Security Demo Configuration ######## diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 8e640a4b3a..96a30f9e5f 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -87,6 +87,12 @@ service: nodePort: 90 ingress: enabled: false + service: + - baseaddr: "cdash-kibana" + name: "cdash-kibana" + port: 5601 + config: + ssl: "redirect" #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index 4b05910c02..c005fcca3e 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -59,7 +59,7 @@ filter { if [http_request_failure] or [@metadata][code] != 200 { mutate { - add_tag => [ "error" ] + add_tag => [ "error" ] } } @@ -195,7 +195,7 @@ filter { clones => [ "event-cl-aggs" ] add_tag => [ "event-cl-aggs" ] } - + if "event-cl-aggs" in [@metadata][request][tags]{ # # we only need a few fields for aggregations; remove all fields from clone except : @@ -204,7 +204,7 @@ filter { prune { whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"] } - + } } } diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh deleted file mode 100755 index 224a813db9..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### - -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql -## New model creation -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql deleted file mode 100644 index ea4d97c1b5..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql +++ /dev/null @@ -1,11 +0,0 @@ -# -# Create CLDS database objects (tables, etc.) -# -# -CREATE DATABASE `cldsdb4`; -USE `cldsdb4`; -DROP USER 'clds'; -CREATE USER 'clds'; -GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION; -FLUSH PRIVILEGES; - diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml index 705c38fa19..522c5f9bf8 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml @@ -17,19 +17,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: clamp-entrypoint-initdb-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: clamp-entrypoint-bulkload-configmap namespace: {{ include "common.namespace" . }} labels: @@ -38,7 +25,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml index be46f89433..7d22930b6a 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml @@ -52,19 +52,19 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh - name: docker-entrypoint-initdb - subPath: bootstrap-database.sh - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /docker-entrypoint-initdb.d/bulkload/ + - mountPath: /docker-entrypoint-initdb.d/ name: docker-entrypoint-bulkload - mountPath: /etc/mysql/conf.d/conf1/ name: clamp-mariadb-conf @@ -88,9 +88,6 @@ spec: {{- else }} emptyDir: {} {{- end }} - - name: docker-entrypoint-initdb - configMap: - name: clamp-entrypoint-initdb-configmap - name: docker-entrypoint-bulkload configMap: name: clamp-entrypoint-bulkload-configmap diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml index 8f3a21752d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml @@ -13,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml index 8bf6100563..df651dd9ea 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/charts/mariadb/values.yaml @@ -20,18 +20,27 @@ global: # global defaults nodePortPrefix: 302 persistence: {} - # application image repository: nexus3.onap.org:10001 image: mariadb:10.3.12 pullPolicy: Always flavor: small - ################################################################# -# Application configuration defaults. +# Secrets metaconfig ################################################################# -config: - mysqlPassword: strong_pitchou +secrets: + - uid: db-root-pass + type: password + externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}' + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +# Application configuration +db: {} # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..dab2e44f5e --- /dev/null +++ b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,53 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml index 4278a6e6d3..3fce850140 100644 --- a/kubernetes/clamp/templates/configmap.yaml +++ b/kubernetes/clamp/templates/configmap.yaml @@ -25,3 +25,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index e4ac4723da..e8a7cc25cd 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -48,17 +48,8 @@ spec: name: {{ include "common.name" . }}-readiness containers: # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/nginx/ + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -79,8 +70,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/nginx/ + - name: logs + mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf name: {{ include "common.fullname" . }}-config subPath: default.conf @@ -101,13 +92,8 @@ spec: items: - key: default.conf path: default.conf - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 47eca67f91..9446ca8eb3 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -22,6 +22,34 @@ global: # global defaults readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + centralizedLoggingEnabled: false + +secrets: + - uid: db-root-pass + name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass' + type: password + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass' + type: basicAuth + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +db: + user: clds +# password: sidnnd83K + databaseName: &dbName cldsdb4 +# rootPass: emrys user: testos + +clamp-backend: + db: + userCredsExternalSecret: *dbUserPass + databaseName: *dbName +mariadb: + db: + rootCredsExternalSecret: *dbRootPass + userCredsExternalSecret: *dbUserPass + databaseName: *dbName subChartsOnly: enabled: true @@ -30,12 +58,16 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.3 +image: onap/clamp-frontend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/nginx/ + ################################################################# # Application configuration defaults. ################################################################# @@ -84,7 +116,7 @@ service: ingress: enabled: false service: - - baseaddr: "clamp" + - baseaddr: "clamp.api" name: "clamp" port: 2443 config: |