diff options
Diffstat (limited to 'kubernetes/common')
21 files changed, 622 insertions, 75 deletions
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl new file mode 100644 index 0000000000..db7cbe8d8d --- /dev/null +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -0,0 +1,226 @@ +{{/* +# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + common templates to enable aaf configs for applictaions + + Parameter for aafConfig to be defined in values.yaml + aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .) + # additional scripts can be defined to handle certs + addconfig: true|false + fqdn: "sdnc" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "aaf.osaaf.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + persistence: + enabled: true + config.volumeReclaimPolicy: Delete + config.accessMode: ReadWriteMany + config.size: 40M + config.storageClass: "manual" + config.mountPath: "/dockerdata-nfs" + config.mountSubPath: "sdnc/aaf" + # secrets configuration, Note: create a secrets template + secrets: + - uid: aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.aaf-config" . | nindent XX}} + + containers: + volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- end }} + volumes: + {{- include "common.aaf-config-volumes" . | nindent XX}} + + If persistence.enabled = true + Create pvc: + {{ include "common.aaf-config-pvc" . }} + Create pv + {{ include "common.aaf-config-pv" . }} + +*/}} +{{- define "common.aaf-config" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +{{ if .Values.global.aafEnabled }} +- name: {{ include "common.name" . }}-aaf-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" . }}-aaf-config + image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- if (index .Values $aafRoot "addconfig") }} + - name: aaf-add-config + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh + {{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh + {{- if (index .Values $aafRoot "addconfig") }} + /opt/app/aaf_config/bin/aaf-add-config.sh + {{- end }} + env: + - name: APP_FQI + value: "{{ index .Values $aafRoot "fqi" }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ index .Values $aafRoot "fqdn" }}" + - name: aaf_locator_app_ns + value: "{{ index .Values $aafRoot "app_ns" }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, evenutally + - name: cadi_longitude + value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}" + - name: cadi_latitude + value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}" +{{- end -}} +{{- end -}} + + +{{- define "common.aaf-config-volume-mountpath" -}} +{{ if .Values.global.aafEnabled }} +- mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol +{{- end -}} +{{- end -}} + +{{- define "common.aaf-config-volumes" -}} +{{ if .Values.global.aafEnabled }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +- name: {{ include "common.fullname" . }}-aaf-config-vol + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-aaf-config-pvc +{{- if (index .Values $aafRoot "addconfig") }} +- name: aaf-add-config + configMap: + name: {{ include "common.fullname" . }}-aaf-add-config + defaultMode: 0700 +{{- end }} +{{- end -}} +{{- end }} + +{{- define "common.aaf-config-pv" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +metadata: + name: {{ include "common.fullname" . }}-aaf-config-pv + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-aaf-config-pv + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ index .Values $aafRoot "persistence" "config" "size"}} + accessModes: + - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} + persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }} + hostPath: + path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }} +{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} +{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" +{{- end }} +{{- end }} +{{- end -}} + +{{- define "common.aaf-config-pvc" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +metadata: + name: {{ include "common.fullname" . }}-aaf-config-pvc + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if (index .Values $aafRoot "persistence" "annotations") }} + annotations: +{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }}-aaf-config-pv + accessModes: + - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} + resources: + requests: + storage: {{ index .Values $aafRoot "persistence" "config" "size" }} +{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} +{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl index 95d51e17b7..66727629ef 100644 --- a/kubernetes/common/common/templates/_labels.tpl +++ b/kubernetes/common/common/templates/_labels.tpl @@ -18,45 +18,84 @@ {{/* Common labels +The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .labels : labels to add (dict) */}} {{- define "common.labels" -}} -app.kubernetes.io/name: {{ include "common.name" . }} -helm.sh/chart: {{ include "common.chart" . }} -app.kubernetes.io/instance: {{ include "common.release" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- $dot := default . .dot -}} +app.kubernetes.io/name: {{ include "common.name" $dot }} +helm.sh/chart: {{ include "common.chart" $dot }} +app.kubernetes.io/instance: {{ include "common.release" $dot }} +app.kubernetes.io/managed-by: {{ $dot.Release.Service }} +{{ if .labels }} +{{- include "common.tplValue" (dict "value" .labels "context" $dot) }} +{{- end -}} {{- end -}} {{/* Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .matchLabels: selectors/matchlLabels to add (dict) */}} {{- define "common.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.name" . }} -app.kubernetes.io/instance: {{ include "common.release" . }} +{{- $dot := default . .dot -}} +{{- if not .matchLabels.nameNoMatch -}} +app.kubernetes.io/name: {{ include "common.name" $dot }} +{{- end }} +app.kubernetes.io/instance: {{ include "common.release" $dot }} +{{ if .matchLabels }} +{{$_ := unset .matchLabels "nameNoMatch"}} +{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }} +{{- end -}} {{- end -}} {{/* Generate "top" metadata for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .labels: labels to add (dict) + - .suffix: suffix to name + */}} {{- define "common.resourceMetadata" -}} -name: {{ include "common.fullname" . }} -namespace: {{ include "common.namespace" . }} -labels: {{- include "common.labels" . | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} +{{- $labels := default (dict) .labels -}} +{{- $annotations := default (dict) .annotations -}} +name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}} +namespace: {{ include "common.namespace" $dot }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }} +{{- if $annotations }} +annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}} +{{- end -}} {{- end -}} {{/* Generate selectors for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .matchLabels: labels to add (dict) */}} {{- define "common.selectors" -}} -matchLabels: {{- include "common.matchLabels" . | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $matchLabels := default (dict) .matchLabels -}} +matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }} {{- end -}} {{/* Generate "template" metadata for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary) + - .dot : environment (.) + - .labels: labels to add (dict) */}} {{- define "common.templateMetadata" -}} -{{- if .Values.podAnnotations }} -annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $labels := default (dict) .labels -}} +{{- if $dot.Values.podAnnotations }} +annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }} {{- end }} -labels: {{- include "common.labels" . | nindent 2 }} -name: {{ include "common.name" . }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }} +name: {{ include "common.name" $dot }} {{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 943078ff2f..e918cc1dd8 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -16,9 +16,14 @@ {{/* Expand the name of a chart. + The function takes from one to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix : add a suffix to the name */}} {{- define "common.name" -}} - {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} + {{- $dot := default . .dot -}} + {{- $suffix := .suffix -}} + {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} {{- end -}} {{/* @@ -28,16 +33,25 @@ {{- define "common.fullnameExplicit" -}} {{- $dot := .dot }} {{- $name := .chartName }} - {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}} + {{- $suffix := default "" .suffix -}} + {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified application name. Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). + Usage: + include "common.fullname" . + include "common.fullname" (dict "suffix" "mySuffix" "dot" .) + The function takes from one to two arguments: + - .dot : environment (.) + - .suffix : add a suffix to the fullname */}} {{- define "common.fullname" -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} + {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} {{- end -}} {{/* diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.tpl index 9f41906c9e..064b0c16af 100644 --- a/kubernetes/common/common/templates/_secret.yaml +++ b/kubernetes/common/common/templates/_secret.tpl @@ -78,6 +78,38 @@ type: Opaque {{- end }} {{- end -}} +{{/* + For internal use only! + + Pick a value based on "user input" and generation policy. + + The template takes below arguments: + - .global: environment (.) + - .secretName: name of the secret where the value will be placed + - .secretEnv: map of values which configures this secret. This can contain below keys: + - value: Value of secret key provided by user (can be a template inside a string) + - policy: What to do if value is missing or empty. Possible options are: + - generate: Generate a new password deriving it from master password + - required: Fail the deployment if value has not been provided + Defaults to generate. + - name: Name of the key to which this value should be assigned +*/}} +{{- define "common.secret._valueFast" -}} + {{- $global := .global }} + {{- $name := .secretName }} + {{- $secretEnv := .secretEnv }} + {{- $value := $secretEnv.value }} + {{- $policy := default "generate" $secretEnv.policy }} + + {{- if $value }} + {{- $value | quote }} + {{- else if eq $policy "generate" }} + {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }} + {{- else }} + {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }} + {{- end }} +{{- end -}} + {{/* Generate a secret name based on provided name or UID. @@ -100,6 +132,14 @@ type: Opaque {{- default (printf "%s-%s" $fullname $uid) $name }} {{- end -}} +{{- define "common.secret.genNameFast" -}} + {{- $global := .global }} + {{- $uid := (default "" .uid) }} + {{- $name := (default "" .name) }} + {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }} + {{- default (printf "%s-%s" $fullname $uid) $name }} +{{- end -}} + {{/* Get the real secret name by UID or name, based on the configuration provided by user. User may decide to not create a new secret but reuse existing one for this deployment @@ -122,8 +162,8 @@ type: Opaque {{- $uid := tpl (default "" .uid) $global }} {{- $targetName := default (include "common.secret.genName" (dict "global" $global "uid" $uid "name" .name)) $name}} {{- range $secret := $global.Values.secrets }} - {{- $givenName := tpl (default "" $secret.name) $global }} {{- $currUID := tpl (default "" $secret.uid) $global }} + {{- $givenName := tpl (default "" $secret.name) $global }} {{- $currName := default (include "common.secret.genName" (dict "global" $global "uid" $currUID "name" $secret.name)) $givenName }} {{- if or (eq $uid $currUID) (eq $currName $targetName) }} {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} @@ -132,6 +172,51 @@ type: Opaque {{- end }} {{- end -}} +{{- define "common.secret.getSecretNameFast" -}} + {{- $global := .global }} + {{- include "common.secret.buildCache" $global }} + {{- $secretsCache := $global.Values._secretsCache }} + {{- $uid := tpl .uid $global }} + {{- $secret := index $secretsCache $uid }} + {{- $secret.realName }} +{{- end -}} + +{{- define "common.secret.buildCache" -}} + {{- $global := . }} + {{- if not $global.Values._secretsCache }} + {{- $secretCache := dict }} + {{- range $secret := .Values.secrets }} + {{- $entry := dict }} + {{- $uid := tpl (default "" $secret.uid) $global }} + {{- $keys := keys $secret }} + {{- range $key := (without $keys "annotations" "filePaths" )}} + {{- $_ := set $entry $key (tpl (index $secret $key) $global) }} + {{- end }} + {{- if $secret.annotations }} + {{- $_ := set $entry "annotations" $secret.annotations }} + {{- end }} + {{- if $secret.filePaths }} + {{- if kindIs "string" $secret.filePaths }} + {{- $evaluated := tpl (default "" $secret.filePaths) $global }} + {{- if and $evaluated (ne $evaluated "\"\"") }} + {{- $fstr := printf "val:\n%s" ($evaluated | indent 2) }} + {{- $flist := (index (tpl $fstr $global | fromYaml) "val") }} + {{- $_ := set $entry "filePaths" $flist }} + {{- else }} + {{- $_ := set $entry "filePaths" (list) }} + {{- end }} + {{- else }} + {{- $_ := set $entry "filePaths" $secret.filePaths }} + {{- end }} + {{- end }} + {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }} + {{- $_ := set $entry "realName" $realName }} + {{- $_ := set $secretCache $uid $entry }} + {{- end }} + {{- $_ := set $global.Values "_secretsCache" $secretCache }} + {{- end }} +{{- end -}} + {{/* Convenience template which can be used to easily set the value of environment variable to the value of a key in a secret. @@ -159,6 +244,14 @@ valueFrom: key: {{ $key }} {{- end -}} +{{- define "common.secret.envFromSecretFast" -}} + {{- $key := .key }} +valueFrom: + secretKeyRef: + name: {{ include "common.secret.getSecretNameFast" . }} + key: {{ $key }} +{{- end -}} + {{/* Define secrets to be used by chart. Every secret has a type which is one of: @@ -285,3 +378,132 @@ stringData: {{- end }} {{- end }} {{- end -}} + +{{/* + Define secrets to be used by chart. + Every secret has a type which is one of: + - generic: + Generic secret template that allows to input some raw data (from files). + File Input can be passed as list of files (filePaths) or as a single string + (filePath) + - genericKV: + Type of secret which allows you to define a list of key value pairs. + The list is assiged to envs value. Every item may define below items: + - name: + Identifier of this value within secret + - value: + String that defines a value associated with given key. + This can be a simple string or a template. + - policy: + Defines what to do if value is not provided by the user. + Available options are: + - generate: + Generate a value by derriving it from master password + - required: + Fail the deployment + - password: + Type of secret that holds only the password. + Only two items can be defined for this type: + - password: + Equivalent of value field from genericKV + - policy: + The same meaning as for genericKV policy field + - basicAuth: + Type of secret that holds both username and password. + Below fields are available: + - login: + The value for login key. + This can be a simple string or a template. + Providing a value for login is always required. + - password: + The value for password key. + This can be a simple string or a template. + - passwordPolicy: + The same meaning as the policy field in genericKV. + Only the policy for password can be set. + + Every secret can be identified using: + - uid: + A string to be appended to the chart fullname to generate a secret name. + - name: + Overrides default secret name generation and allows to set immutable + and globaly unique name + - annotations: + List of annotations to be used while defining a secret + + To allow sharing a secret between the components and allow to pre-deploy secrets + before ONAP deployment it is possible to use already existing secret instead of + creating a new one. For this purpose externalSecret field can be used. If value of + this field is evaluated to true no new secret is created, only the name of the + secret is aliased to the external one. + + Example usage: + secrets.yaml: + {{ include "common.secretFast" . }} + + values.yaml: + mysqlLogin: "root" + + mysqlExternalSecret: "some-other-secret-name" + + secrets: + - uid: "mysql" + externalSecret: '{{ tpl .Values.passExternalSecret . }}' + type: basicAuth + login: '{{ .Values.mysqlLogin }}' + mysqlPassword: '{{ .Values.mysqlPassword }}' + passwordPolicy: generate + + In the above example new secret is not going to be created. + Already existing one (some-other-secret-name) is going to be used. + To force creating a new one, just make sure that mysqlExternalSecret + is not set. + +*/}} +{{- define "common.secretFast" -}} + {{- $global := . }} + {{- include "common.secret.buildCache" $global }} + {{- range $secret := .Values._secretsCache }} + {{- $uid := $secret.uid }} + {{- $externalSecret := $secret.externalSecret }} + {{- if not $externalSecret }} + {{- $name := $secret.realName }} + {{- $annotations := default "" $secret.annotations }} + {{- $type := default "generic" $secret.type }} +--- + {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }} + + {{- if eq $type "generic" }} +data: + {{- range $curFilePath := $secret.filePaths }} + {{- fail (printf "%s" $curFilePath) }} + {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- if $secret.filePath }} + {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }} + {{- end }} + {{- else if eq $type "genericKV" }} +stringData: + {{- if $secret.envs }} + {{- range $secretEnv := $secret.envs }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + {{ $secretEnv.name }}: {{ include "common.secret._valueFast" $valueDesc }} + {{- end }} + {{- end }} + {{- else if eq $type "password" }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} +stringData: + password: {{ include "common.secret._valueFast" $valueDesc }} + {{- else if eq $type "basicAuth" }} +stringData: + {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + login: {{ include "common.secret._valueFast" $valueDesc }} + {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }} + {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }} + password: {{ include "common.secret._valueFast" $valueDesc }} + {{- end }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index cd1595b0ca..0c7660eb1f 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -31,11 +31,12 @@ {{- end -}} {{/* Define the metadata of Service - The function takes from one to three arguments (inside a dictionary): + The function takes from one to four arguments (inside a dictionary): - .dot : environment (.) - .suffix : a string which will be added at the end of the name (with a '-'). - .annotations: the annotations to add - .msb_informations: msb information in order to create msb annotation + - .labels : labels to add Usage example: {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }} {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }} @@ -45,6 +46,7 @@ {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} {{- $msb_informations := default "" .msb_informations -}} + {{- $labels := default (dict) .labels -}} {{- if or $annotations $msb_informations -}} annotations: {{- if $annotations }} @@ -52,20 +54,25 @@ annotations: {{- end }} {{- if $msb_informations }} msb.onap.org/service-info: '[ +{{- range $index, $msb_information := $msb_informations }} +{{- if ne $index 0 }} + , +{{- end }} { - "serviceName": "{{ include "common.servicename" $dot }}", - "version": "{{ default "v1" $msb_informations.version }}", - "url": "{{ default "/" $msb_informations.url }}", - "protocol": "{{ default "REST" $msb_informations.protocol }}", - "port": "{{ $msb_informations.port }}", - "visualRange":"{{ default "1" $msb_informations.visualRange }}" + "serviceName": "{{ default (include "common.servicename" $dot) $msb_information.serviceName }}", + "version": "{{ default "v1" $msb_information.version }}", + "url": "{{ default "/" $msb_information.url }}", + "protocol": "{{ default "REST" $msb_information.protocol }}", + "port": "{{ $msb_information.port }}", + "visualRange":"{{ default "1" $msb_information.visualRange }}" } - ]' +{{- end }} + ]' {{- end}} {{- end }} name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} namespace: {{ include "common.namespace" $dot }} -labels: {{- include "common.labels" $dot | nindent 2 -}} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}} {{- end -}} {{/* Define the ports of Service @@ -125,6 +132,9 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} - .publishNotReadyAddresses: if we publish not ready address - .headless: if the service is headless - .add_plain_port: add tls port AND plain port + - .labels : labels to add (dict) + - .matchLabels: selectors/machLabels to add (dict) + - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None */}} {{- define "common.genericService" -}} {{- $dot := default . .dot -}} @@ -136,9 +146,12 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} {{- $ports := .ports -}} {{- $headless := default false .headless -}} {{- $add_plain_port := default false .add_plain_port }} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} +{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}} apiVersion: v1 kind: Service -metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }} +metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }} spec: {{- if $headless }} clusterIP: None @@ -148,7 +161,8 @@ spec: publishNotReadyAddresses: true {{- end }} type: {{ $serviceType }} - selector: {{- include "common.matchLabels" $dot | nindent 4 }} + selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }} + sessionAffinity: {{ $sessionAffinity }} {{- end -}} {{/* @@ -166,15 +180,19 @@ spec: ports and the other one is NodePort (or LoadBalancer) with crypted port only. */}} {{- define "common.service" -}} -{{- $suffix := default "" .Values.service.suffix -}} -{{- $annotations := default "" .Values.service.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} -{{- $msb_informations := default "" .Values.service.msb -}} -{{- $serviceType := .Values.service.type -}} -{{- $ports := .Values.service.ports -}} -{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" $dot.Values.service.suffix -}} +{{- $annotations := default "" $dot.Values.service.annotations -}} +{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}} +{{- $msb_informations := default "" $dot.Values.service.msb -}} +{{- $serviceType := $dot.Values.service.type -}} +{{- $ports := $dot.Values.service.ports -}} +{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} + {{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} {{- if (ne $serviceType "ClusterIP") }} --- {{- if $suffix }} @@ -182,20 +200,23 @@ spec: {{- else }} {{- $suffix = "external" }} {{- end }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- else }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- end -}} {{/* Create headless service template */}} {{- define "common.headlessService" -}} -{{- $suffix := include "common._makeHeadlessSuffix" . -}} -{{- $annotations := default "" .Values.service.headless.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}} -{{- $ports := .Values.service.headlessPorts -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }} +{{- $dot := default . .dot -}} +{{- $suffix := include "common._makeHeadlessSuffix" $dot -}} +{{- $annotations := default "" $dot.Values.service.headless.annotations -}} +{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}} +{{- $ports := $dot.Values.service.headlessPorts -}} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} {{/* diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index 6b6a26fc45..4457762754 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -1,4 +1,4 @@ -{/* +{{/* # Copyright © 2020 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml index 828818c68d..05699e6107 100644 --- a/kubernetes/common/dgbuilder/templates/configmap.yaml +++ b/kubernetes/common/dgbuilder/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index b3f0ab05a3..e1fac77a97 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -38,25 +40,25 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: HTTP_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} - name: HTTP_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} - name: HTTP_ADMIN_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} - name: HTTP_ADMIN_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }} - name: HTTP_NODE_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} - name: HTTP_NODE_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} - name: REST_CONF_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} - name: REST_CONF_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: config-input diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml index c9a409fdca..4b4849980c 100644 --- a/kubernetes/common/dgbuilder/templates/secrets.yaml +++ b/kubernetes/common/dgbuilder/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/dgbuilder/templates/service.yaml b/kubernetes/common/dgbuilder/templates/service.yaml index 7a8f752a2d..bfe8b0aeb5 100644 --- a/kubernetes/common/dgbuilder/templates/service.yaml +++ b/kubernetes/common/dgbuilder/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index c9e2ffe85c..29d96748a3 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -86,7 +86,7 @@ spec: echo "Backup Successful!!!" env: - name: DB_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} volumeMounts: - name: backup-dir mountPath: /backup @@ -96,7 +96,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} command: - /bin/bash - -c diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index f143c3b679..e7bb701930 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.externalConfig }} apiVersion: v1 diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index 6e53a9543d..579b3475d1 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} {{- if eq "True" (include "common.needPV" .) -}} diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 3f8eb0b6de..27c9a3aaee 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2019 Samsung Electronics # @@ -12,4 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml index 71d1b0fe80..69d8999f67 100644 --- a/kubernetes/common/mariadb-galera/templates/service.yaml +++ b/kubernetes/common/mariadb-galera/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index a6260fae54..7157e3390b 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1beta1 kind: StatefulSet @@ -61,13 +63,13 @@ spec: apiVersion: v1 fieldPath: metadata.namespace - name: MYSQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}} - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}} - name: MYSQL_DATABASE value: {{ default "" .Values.config.mysqlDatabase | quote }} - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}} ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index a6d18e7a59..3e9e849052 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (C) 2018 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: extensions/v1beta1 kind: Deployment @@ -61,9 +63,9 @@ spec: - name: SPRING_PROFILE value: "{{ .Values.config.springProfile }}" - name: NENG_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} - name: NENG_DB_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} - name: NENG_DB_URL value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: POL_CLIENT_AUTH diff --git a/kubernetes/common/network-name-gen/templates/secrets.yaml b/kubernetes/common/network-name-gen/templates/secrets.yaml index d5bdce3e04..61b83d7a9b 100644 --- a/kubernetes/common/network-name-gen/templates/secrets.yaml +++ b/kubernetes/common/network-name-gen/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (c) 2018 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 data: diff --git a/kubernetes/common/network-name-gen/templates/service.yaml b/kubernetes/common/network-name-gen/templates/service.yaml index a4c5b05012..753448c5b7 100644 --- a/kubernetes/common/network-name-gen/templates/service.yaml +++ b/kubernetes/common/network-name-gen/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright (C) 2018 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 361e64847e..e3ac66933f 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -49,15 +49,15 @@ spec: - name: PG_PRIMARY_USER value: primaryuser - name: PG_PRIMARY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} - name: PG_USER - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} - name: PG_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} - name: PG_DATABASE value: "{{ $dot.Values.config.pgDatabase }}" - name: PG_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input/setup.sql name: config @@ -116,15 +116,15 @@ spec: - name: PG_PRIMARY_PORT value: "{{ $dot.Values.service.internalPort }}" - name: PG_PRIMARY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} - name: PG_USER - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} - name: PG_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} - name: PG_DATABASE value: "{{ $dot.Values.config.pgDatabase }}" - name: PG_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - name: config mountPath: /pgconf/pool_hba.conf diff --git a/kubernetes/common/postgres/templates/secrets.yaml b/kubernetes/common/postgres/templates/secrets.yaml index 4c68015528..c4cde05216 100644 --- a/kubernetes/common/postgres/templates/secrets.yaml +++ b/kubernetes/common/postgres/templates/secrets.yaml @@ -13,4 +13,4 @@ # # See the License for the specific language governing permissions and # # limitations under the License. */}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} |