diff options
Diffstat (limited to 'kubernetes/common')
19 files changed, 133 insertions, 29 deletions
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 58125f8506..817a2e24bc 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,12 +20,14 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := +PROCESSED_LAST := cert-wrapper +TO_FILTER := $(EXCLUDES) $(PROCESSED_LAST) HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_CHARTS := $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST) HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") -.PHONY: $(EXCLUDES) $(HELM_CHARTS) +.PHONY: $(HELM_CHARTS) $(TO_FILTER) all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index cabe59f696..b242de2b6b 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -149,7 +149,7 @@ spec: subPath: exec.py containers: - name: cassandra-backup-validate - image: "{{ .Values.image }}" + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml new file mode 100644 index 0000000000..68d5400743 --- /dev/null +++ b/kubernetes/common/cert-wrapper/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Wrapper chart to allow truststore to be shared among cert-initializer instances +name: cert-wrapper +version: 6.0.0 diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml new file mode 100644 index 0000000000..b6a667e448 --- /dev/null +++ b/kubernetes/common/cert-wrapper/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: 'file://../certInitializer' diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index dd311830e7..7e2fa91363 100755 --- a/kubernetes/common/certInitializer/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2020 Bell Canada # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} CERTS_DIR=${CERTS_DIR:-/certs} WORK_DIR=${WORK_DIR:-/updatedTruststore} diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 index 71b6782c58..71b6782c58 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 index 17b051268f..17b051268f 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml new file mode 100644 index 0000000000..117a4ab718 --- /dev/null +++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "certs" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml new file mode 100644 index 0000000000..fcece0e3f5 --- /dev/null +++ b/kubernetes/common/cert-wrapper/values.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +certInitializer: + nameOverride: cert-initializer + createCertsCM: true diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 6734e0be81..800364f1a2 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -172,7 +172,7 @@ medium: Memory - name: aaf-agent-certs configMap: - name: {{ include "common.fullname" $subchartDot }}-certs + name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 {{- if $initRoot.aaf_add_config }} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index a89a33152b..7eae899cc1 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -21,12 +21,5 @@ kind: ConfigMap metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: aaf-add-config.sh: | - {{ tpl .Values.aaf_add_config . | indent 4 }} + {{ tpl .Values.aaf_add_config . | indent 4 | trim }} {{- end }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "certs" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 642fe7799b..66251fa29a 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -56,3 +56,9 @@ importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks truststorePassword: changeit + +# This introduces implicit dependency on cert-wrapper +# if you are using cert initializer cert-wrapper has to be also deployed. +# We had to move this CM to a separate chart to reduce the total size of our charts +# as it exceeds the default helm limits. +certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs' diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 6b4f0ed36e..e57d4bedaa 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,19 +1,28 @@ +{{- define "ingress.config.host" -}} +{{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{ printf "%s.%s" $baseaddr $burl }} +{{- end -}} + {{- define "ingress.config.port" -}} +{{- $dot := default . .dot -}} {{- if .Values.ingress -}} {{- if .Values.global.ingress -}} {{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}} - http: paths: {{- range .Values.ingress.service }} - - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }} +{{ $baseaddr := required "baseaddr" .baseaddr }} + - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} backend: serviceName: {{ .name }} servicePort: {{ .port }} {{- end -}} {{- else if .Values.ingress.service -}} -{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}} {{ range .Values.ingress.service }} - - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }} +{{ $baseaddr := required "baseaddr" .baseaddr }} + - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} http: paths: - backend: @@ -95,7 +104,18 @@ spec: {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} +{{- end -}} +{{- if .Values.ingress.config -}} +{{- if .Values.ingress.config.tls -}} +{{- $dot := default . .dot -}} + tls: + - hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} + secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} +{{- end -}} +{{- end -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index 28612a270b..01edb4d411 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore new file mode 100644 index 0000000000..68ffb32406 --- /dev/null +++ b/kubernetes/common/elasticsearch/.helmignore @@ -0,0 +1 @@ +components/ diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 23302335ea..b606c3ed6e 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - ################################################################# # Global configuration defaults. ################################################################# @@ -41,7 +40,7 @@ name: master ## replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) -dedicatednode: "yes" +dedicatednode: 'yes' ## dedicatednode: "no" image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy @@ -102,12 +101,14 @@ resources: ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. - limits: {} + limits: + cpu: 25m + memory: 1Gi # cpu: 100m # memory: 128Mi requests: - cpu: 25m - memory: 256Mi + cpu: 5m + memory: 310Mi ## Elasticsearch master-eligible container's liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -160,13 +161,13 @@ persistence: ## Service parameters for master-eligible node(s) ## service: - suffix: "service" - name: "" + suffix: 'service' + name: '' ## list of ports for "common.containerPorts" ## Elasticsearch transport port ports: - - name: http-transport - port: 9300 + - name: http-transport + port: 9300 ## master-eligible service type ## type: ClusterIP @@ -192,10 +193,6 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template # name: - ## Elasticsearch cluster name ## clusterName: elastic-cluster - - - diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 678761736a..b354efe86c 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -1,8 +1,10 @@ #!/bin/bash +{{/* # # Adfinis SyGroup AG # openshift-mariadb-galera: mysql setup script # +*/}} set -eox pipefail diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index 40254d469b..fa4b007a5a 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # make sure the script fails if any of commands failed set -e diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh index 7ab32558b4..37bb84de8b 100755 --- a/kubernetes/common/music/charts/music/resources/config/startup.sh +++ b/kubernetes/common/music/charts/music/resources/config/startup.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # # ============LICENSE_START========================================== # org.onap.music @@ -19,6 +20,7 @@ # # ============LICENSE_END============================================= # ==================================================================== +*/}} echo "Running startup script to get password from certman" PWFILE=/opt/app/aafcertman/.password |