20 files changed, 139 insertions, 41 deletions

diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index 0e923b7a75..817a2e24bc 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -20,11 +20,14 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
 COMMON_CHARTS_DIR := common
 
 EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+PROCESSED_LAST := cert-wrapper
+TO_FILTER := $(EXCLUDES) $(PROCESSED_LAST)
 
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST)
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
 
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+.PHONY: $(HELM_CHARTS) $(TO_FILTER)
 
 all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
 
@@ -36,19 +39,19 @@ make-%:
 	@if [ -f $*/Makefile ]; then make -C $*; fi
 
 dep-%: make-%
-	@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+	@if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
 
 lint-%: dep-%
-	@if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
 
 package-%: lint-%
 	@mkdir -p $(PACKAGE_DIR)
 ifeq "$(findstring v3,$(HELM_VER))" "v3"
-	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+	@if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
 else
-	@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+	@if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
 endif
-	@helm repo index $(PACKAGE_DIR)
+	@$(HELM_BIN) repo index $(PACKAGE_DIR)
 
 clean:
 	@rm -f */requirements.lock
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
index cabe59f696..b242de2b6b 100644
--- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml
+++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
@@ -149,7 +149,7 @@ spec:
                 subPath: exec.py
           containers:
             - name: cassandra-backup-validate
-              image: "{{ .Values.image }}"
+              image: "{{ include "common.repository" . }}/{{ .Values.image }}"
               imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
               command:
               - /bin/bash
diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml
new file mode 100644
index 0000000000..68d5400743
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Wrapper chart to allow truststore to be shared among cert-initializer instances
+name: cert-wrapper
+version: 6.0.0
diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml
new file mode 100644
index 0000000000..b6a667e448
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: certInitializer
+    version: ~6.x-0
+    repository: 'file://../certInitializer'
diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index dd311830e7..7e2fa91363 100755
--- a/kubernetes/common/certInitializer/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 
 # Copyright © 2020 Bell Canada
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 CERTS_DIR=${CERTS_DIR:-/certs}
 WORK_DIR=${WORK_DIR:-/updatedTruststore}
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64
index 71b6782c58..71b6782c58 100644
--- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
index 17b051268f..17b051268f 100644
--- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml
new file mode 100644
index 0000000000..117a4ab718
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml
@@ -0,0 +1,22 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "certs" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml
new file mode 100644
index 0000000000..fcece0e3f5
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/values.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+certInitializer:
+  nameOverride: cert-initializer
+  createCertsCM: true
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 6734e0be81..800364f1a2 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -172,7 +172,7 @@
     medium: Memory
 - name: aaf-agent-certs
   configMap:
-    name: {{ include "common.fullname" $subchartDot }}-certs
+    name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
     defaultMode: 0700
 
 {{-     if $initRoot.aaf_add_config }}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index a89a33152b..7abbf9c7d8 100644
--- a/kubernetes/common/certInitializer/templates/configmap.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -23,10 +23,3 @@ data:
   aaf-add-config.sh: |
     {{ tpl .Values.aaf_add_config . | indent 4 }}
 {{- end }}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "certs" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 642fe7799b..66251fa29a 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -56,3 +56,9 @@ importCustomCertsEnabled: false
 truststoreMountpath: ""
 truststoreOutputFileName: truststore.jks
 truststorePassword: changeit
+
+# This introduces implicit dependency on cert-wrapper
+# if you are using cert initializer cert-wrapper has to be also deployed.
+# We had to move this CM to a separate chart to reduce the total size of our charts
+# as it exceeds the default helm limits.
+certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
index 28612a270b..01edb4d411 100644
--- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties
+++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 org.onap.ccsdk.sli.dbtype=jdbc
 org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore
new file mode 100644
index 0000000000..68ffb32406
--- /dev/null
+++ b/kubernetes/common/elasticsearch/.helmignore
@@ -0,0 +1 @@
+components/
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
index 678761736a..b354efe86c 100755
--- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
+++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh
@@ -1,8 +1,10 @@
 #!/bin/bash
+{{/*
 #
 # Adfinis SyGroup AG
 # openshift-mariadb-galera: mysql setup script
 #
+*/}}
 
 set -eox pipefail
 
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index afd6c547ea..8a46098a21 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -150,11 +150,11 @@ externalConfig: ""
 resources:
   small:
     limits:
-      cpu: 2
-      memory: 4Gi
+      cpu: 500m
+      memory: 1.5Gi
     requests:
-      cpu: 1
-      memory: 2Gi
+      cpu: 100m
+      memory: 750Mi
   large:
     limits:
       cpu: 2
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
index 40254d469b..fa4b007a5a 100755
--- a/kubernetes/common/mariadb-init/resources/config/db_init.sh
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 # Copyright © 2019 Orange
 # Copyright © 2020 Samsung Electronics
 #
@@ -13,6 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 # make sure the script fails if any of commands failed
 set -e
diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh
index 7ab32558b4..37bb84de8b 100755
--- a/kubernetes/common/music/charts/music/resources/config/startup.sh
+++ b/kubernetes/common/music/charts/music/resources/config/startup.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+{{/*
 #
 # ============LICENSE_START==========================================
 # org.onap.music
@@ -19,6 +20,7 @@
 #
 # ============LICENSE_END=============================================
 # ====================================================================
+*/}}
 
 echo "Running startup script to get password from certman"
 PWFILE=/opt/app/aafcertman/.password
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 9ce9b88644..1048811328 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -146,8 +146,7 @@ spec:
         - mountPath: /backup
           name: {{ include "common.fullname" $dot }}-backup
           readOnly: true
-        resources:
-{{ include "common.resources" $dot | indent 12 }}
+        resources: {{ include "common.resources" $dot | nindent 12 }}
         {{- if $dot.Values.nodeSelector }}
         nodeSelector:
 {{ toYaml $dot.Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index fbc43c0768..b653ba1a41 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -125,21 +125,32 @@ service:
 ingress:
   enabled: false
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+  small:
+    limits:
+      cpu: 100m
+      memory: 300Mi
+    requests:
+      cpu: 10m
+      memory: 90Mi
+  large:
+    limits:
+      cpu: 2
+      memory: 4Gi
+    requests:
+      cpu: 1
+      memory: 2Gi
+  unlimited: {}