Diffstat (limited to 'kubernetes/common')
39 files changed, 141 insertions, 1067 deletions
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index 402d1688a7..6db1202b4f 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -148,9 +148,6 @@ spec: apiVersion: v1 fieldPath: metadata.namespace volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true {{- range $i := until (int .Values.replicaCount)}} - mountPath: /onap-data/cassandra-{{ $i }} name: data-dir-{{ $i }} @@ -239,13 +236,7 @@ spec: volumeMounts: - name: backup-dir mountPath: /backup - - name: localtime - mountPath: /etc/localtime - readOnly: true volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: scripts configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index bb7027cab9..ddaff5c7c0 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -38,9 +38,6 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-data mountPath: /var/lib/cassandra - - name: localtime - mountPath: /etc/localtime - readOnly: true - name: cassandra-entrypoint mountPath: /docker-entrypoint.sh subPath: docker-entrypoint.sh @@ -169,9 +166,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime {{- range $key, $value := .Values.configOverrides }} - name: cassandra-config-{{ $key | replace "." "-" }} configMap: diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 2fc368f04f..0ab1f0961c 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml 
@@ -40,11 +40,12 @@ k8ssandraOperator: superuserPassword: &superuserpassword cassandra casOptions: authorizer: AllowAllAuthorizer + read_request_timeout: 10000ms write_request_timeout: 10000ms counter_write_request_timeout: 15000ms jvmOptions: heap_initial_size: 512M - heap_max_size: 4096M + heap_max_size: 8192M hostNetwork: false datacenters: - name: dc1 @@ -159,11 +160,9 @@ service: podAnnotations: # sidecar.istio.io/inject: "false" - traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001" + traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001,7199,50051" traffic.sidecar.istio.io/includeInboundPorts: '*' - traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001" - prometheus.io/scrape: 'true' - prometheus.io/port: '8080' + traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001,7199,50051" podManagementPolicy: OrderedReady updateStrategy: @@ -211,7 +210,7 @@ configOverrides: {} resources: limits: cpu: "2" - memory: "8Gi" + memory: "16Gi" requests: cpu: "0.2" memory: "2.5Gi" diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index bb9e8a24fc..ffcda6736a 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.1.0 +version: 13.2.0 diff --git a/kubernetes/common/common/templates/_cassOp.tpl b/kubernetes/common/common/templates/_cassOp.tpl index b9f676665f..b0cf8e331e 100644 --- a/kubernetes/common/common/templates/_cassOp.tpl +++ b/kubernetes/common/common/templates/_cassOp.tpl @@ -35,6 +35,16 @@ spec: commonLabels: app: {{ .Values.k8ssandraOperator.config.clusterName }}-reaper version: {{ .Values.k8ssandraOperator.cassandraVersion }} + {{- if .Values.metrics.enabled }} + telemetry: + prometheus: + enabled: true + mcac: + enabled: false + cassandra: + endpoint: + address: 0.0.0.0 + {{- end }} {{- end }} {{ if .Values.k8ssandraOperator.stargate.enabled -}} stargate: 
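Review bot: In kubernetes/common/cassandra/values.yaml (hunk at -159,11), adding 7199 and 50051 to both `excludeInboundPorts` and `excludeOutboundPorts` takes those ports out of the Istio sidecar, so traffic on them is no longer covered by mesh mTLS or AuthorizationPolicy, and nothing in the hunk says why. 7199 is Cassandra's default JMX port; the hunk does not show what listens on 50051 or whether either port has its own authentication. Please document the reason next to the annotations, e.g. `# 7199 (JMX) and 50051 bypass the sidecar: <reason>; access restricted by <NetworkPolicy/auth>`, and confirm that a NetworkPolicy or service-level authentication limits who can reach them.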
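Review bot: The new `telemetry` block in _cassOp.tpl (hunk at -35,6, and again at -74,6) hard-codes `address: 0.0.0.0` for the Cassandra metrics endpoint, so the listener is reachable on every pod interface whenever metrics are enabled. Whether that endpoint is authenticated is not visible from this diff; if it is not, scraping should be limited to the monitoring namespace with a NetworkPolicy, and the wildcard bind deserves a comment such as `# listens on all interfaces so Prometheus can scrape the pod IP`. The guard is `.Values.metrics.enabled`, while the MariaDB template in this commit keys off `$dot.Values.global.metrics.enabled`; it is worth confirming that every chart including this template defines `metrics`, because a missing key would presumably fail at render time. The enclosing template starts and ends outside both hunks.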
@@ -74,6 +84,16 @@ spec: storage: {{ .Values.k8ssandraOperator.persistence.size }} superuserSecretRef: name: {{ include "common.fullname" . }}-{{ .Values.k8ssandraOperator.config.secretName }} + {{- if .Values.metrics.enabled }} + telemetry: + prometheus: + enabled: true + mcac: + enabled: false + cassandra: + endpoint: + address: 0.0.0.0 + {{- end }} config: {{ if .Values.k8ssandraOperator.config.casOptions -}} cassandraYaml: diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index caf2fd1031..3092298a7d 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -80,11 +80,7 @@ {{- index .Values "mariadb-galera" "nameOverride" -}} {{- end }} {{- else -}} - {{- if .Values.global.mariadbGalera.useOperator }} - {{- printf "%s-primary" (.Values.global.mariadbGalera.service) }} - {{- else }} {{- .Values.global.mariadbGalera.service -}} - {{- end }} {{- end -}} {{- end -}} @@ -118,14 +114,14 @@ {{- end -}} {{/* - Create MariDB Database via mariadb-operator + Create MariaDB Database via mariadb-operator */}} {{- define "common.mariadbOpDatabase" -}} {{- $dot := default . .dot -}} {{- $dbname := (required "'dbame' param, is required." .dbname) -}} {{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} --- -apiVersion: mariadb.mmontes.io/v1alpha1 +apiVersion: k8s.mariadb.com/v1alpha1 kind: Database metadata: name: {{ $dbinst }}-{{ $dbname }} @@ -147,7 +143,7 @@ spec: {{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} {{- $dbsecret := (required "'dbsecret' param, is required." .dbsecret) -}} --- -apiVersion: mariadb.mmontes.io/v1alpha1 +apiVersion: k8s.mariadb.com/v1alpha1 kind: User metadata: name: {{ $dbinst }}-{{ $dbuser }} @@ -155,6 +151,7 @@ spec: name: {{ $dbuser }} mariaDbRef: name: {{ $dbinst }} + waitForIt: true passwordSecretKeyRef: name: {{ $dbsecret }} key: password 
@@ -172,13 +169,14 @@ spec: {{- $dbname := (required "'dbame' param, is required." .dbname) -}} {{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}} --- -apiVersion: mariadb.mmontes.io/v1alpha1 +apiVersion: k8s.mariadb.com/v1alpha1 kind: Grant metadata: name: {{ $dbuser }}-{{ $dbname }}-{{ $dbinst }} spec: mariaDbRef: name: {{ $dbinst }} + waitForIt: true privileges: - "ALL" database: {{ $dbname }} @@ -196,13 +194,19 @@ spec: {{- $dbinst := include "common.name" $dot -}} {{- $name := default $dbinst $dot.Values.backup.nameOverride -}} --- -apiVersion: mariadb.mmontes.io/v1alpha1 +apiVersion: k8s.mariadb.com/v1alpha1 kind: Backup metadata: name: {{ $name }} spec: + inheritMetadata: + labels: + sidecar.istio.io/inject: 'false' + backoffLimit: 5 + logLevel: info mariaDbRef: name: {{ $dbinst }} + waitForIt: true schedule: cron: {{ $dot.Values.backup.cron }} suspend: false @@ -244,7 +248,7 @@ spec: {{- $dbrootsecret := tpl (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.rootUser.externalSecret) $dot -}} {{- $dbusersecret := tpl (default (include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.db.externalSecret) $dot -}} --- -apiVersion: mariadb.mmontes.io/v1alpha1 +apiVersion: k8s.mariadb.com/v1alpha1 kind: MariaDB metadata: name: {{ $dbinst }} @@ -258,6 +262,9 @@ spec: annotations: {{ toYaml .Values.podAnnotations | nindent 6 }} {{- end }} labels: + # temporarily test mariaDB without sidecar (fix initial Job, Backup and Metrics) + # will be obsolete with "native-sidecars" feature in K8S and Istio + sidecar.istio.io/inject: "false" app: {{ $dbinst }} version: {{ .Values.mariadbOperator.appVersion }} rootPasswordSecretKeyRef: 
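Review bot: The added label `sidecar.istio.io/inject: "false"` on the MariaDB resource (hunk at -258,6) is unconditional, so every chart that renders this template loses the Istio sidecar on its database pods, and with it mesh mTLS and AuthorizationPolicy for client connections. STRICT PeerAuthentication is enforced by the receiving sidecar, so it will not protect these pods either. The comment calls the change temporary, but there is no switch to re-enable injection and no reference to track its removal; the Backup hunk at -196,13 sets the same label through `inheritMetadata`. Consider gating both on a values flag that defaults to the current behaviour and extending the comment to `# TODO(<tracking-id>): remove once native sidecars are available`. The template body starts and ends outside the hunk.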
@@ -281,24 +288,30 @@ spec: enabled: true authDelegatorRoleName: {{ $dbinst }}-auth gracefulShutdownTimeout: 5s + primary: + automaticFailover: true + podIndex: 0 recovery: enabled: true - clusterHealthyTimeout: 5m0s + clusterHealthyTimeout: 30s clusterBootstrapTimeout: 10m0s - podRecoveryTimeout: 5m0s - podSyncTimeout: 10m0s + minClusterSize: 50% + podRecoveryTimeout: 3m0s + podSyncTimeout: 3m0s initContainer: image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }} imagePullPolicy: IfNotPresent - volumeClaimTemplate: - {{- if .Values.mariadbOperator.storageClassName }} - storageClassName: {{ .Values.mariadbOperator.storageClassName }} - {{- end }} - resources: - requests: - storage: 50Mi - accessModes: - - ReadWriteOnce + config: + reuseStorageVolume: false + volumeClaimTemplate: + {{- if .Values.mariadbOperator.persistence.storageClassName }} + storageClassName: {{ .Values.mariadbOperator.persistence.storageClassName }} + {{- end }} + resources: + requests: + storage: 50Mi + accessModes: + - ReadWriteOnce {{- end }} livenessProbe: exec: @@ -318,7 +331,7 @@ spec: initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 - {{- if default false .Values.global.metrics.enabled }} + {{- if default false $dot.Values.global.metrics.enabled }} metrics: enabled: true {{- end }} @@ -327,7 +340,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - topologyKey: kubernetes.io/hostname tolerations: - - key: mariadb.mmontes.io/ha + - key: k8s.mariadb.com/ha operator: Exists effect: NoSchedule podDisruptionBudget: 
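Review bot: The re-indented `volumeClaimTemplate` under the new `config:` key (hunk at -281,24) reads `.Values.mariadbOperator.persistence.storageClassName`, while the same commit switches the metrics condition to `$dot.Values.global.metrics.enabled` (hunk at -318,7) and the `storage:` block (hunk at -339,15) uses `$dot.Values.mariadbOperator.persistence.storageClassName`. If this template can be included with a `dict` that carries the chart context in `dot`, the bare `.Values` lookup would not resolve as intended; using `$dot.Values` on both lines keeps the template consistent. Separately, `clusterHealthyTimeout` drops from `5m0s` to `30s` and `minClusterSize: 50%` is new without a comment; a one-line note on why these thresholds were chosen would help operators judge when Galera recovery starts. The definition begins and ends outside the hunk.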
@@ -339,15 +352,11 @@ spec: key: my.cnf name: {{ printf "%s-configuration" (include "common.fullname" $dot) }} resources: {{ include "common.resources" . | nindent 4 }} - volumeClaimTemplate: - {{- if $dot.Values.mariadbOperator.storageClassName }} - storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }} + storage: + {{- if $dot.Values.mariadbOperator.persistence.storageClassName }} + storageClassName: {{ $dot.Values.mariadbOperator.persistence.storageClassName }} {{- end }} - resources: - requests: - storage: {{ $dot.Values.mariadbOperator.persistence.size | quote }} - accessModes: - - ReadWriteOnce + size: {{ $dot.Values.mariadbOperator.persistence.size | quote }} {{- if $dot.Values.db.user }} {{ include "common.mariadbOpUser" (dict "dot" . "dbuser" $dot.Values.db.user "dbinst" $dbinst "dbsecret" $dbusersecret) }} {{- end }} diff --git a/kubernetes/common/dgbuilder/.helmignore b/kubernetes/common/dgbuilder/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/common/dgbuilder/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/common/dgbuilder/Chart.yaml b/kubernetes/common/dgbuilder/Chart.yaml deleted file mode 100644 index b5a2c94471..0000000000 --- a/kubernetes/common/dgbuilder/Chart.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: D.G. Builder application -name: dgbuilder -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: 'file://../common' - - name: repositoryGenerator - version: ~13.x-0 - repository: 'file://../repositoryGenerator' - - name: serviceAccount - version: ~13.x-0 - repository: 'file://../serviceAccount' diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js deleted file mode 100644 index abaab57254..0000000000 --- a/kubernetes/common/dgbuilder/resources/config/customSettings.js +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Copyright © 2017 AT&T, Amdocs, Bell Canada -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ - -module.exports={ - "name": "Release sdnc1.0", - "emailAddress": "dguser@onap.org", - "uiPort": 3100, - "mqttReconnectTime": 15000, - "serialReconnectTime": 15000, - "debugMaxLength": 1000, - "htmlPath": "releases/sdnc1.0/html/", - "xmlPath": "releases/sdnc1.0/xml/", - "flowFile": "releases/sdnc1.0/flows/flows.json", - "sharedDir": "releases/sdnc1.0/flows/shared", - "userDir": "releases/sdnc1.0", - "httpAuth": { - "user": "${HTTP_USER}", - "pass": "${HTTP_PASSWORD}" - }, - "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}", - "dbPort": "3306", - "dbName": "{{.Values.config.db.dbName}}", - "dbUser": "${DB_USER}", - "dbPassword": "${DB_PASSWORD}", - "gitLocalRepository": "", - "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph", - "restConfUser": "${REST_CONF_USER}", - "restConfPassword": "${REST_CONF_PASSWORD}", - "formatXML": "Y", - "formatJSON": "Y", - "httpRoot": "/", - "disableEditor": false, - "httpAdminRoot": "/", - "httpAdminAuth": { - "user": "${HTTP_ADMIN_USER}", - "pass": "${HTTP_ADMIN_PASSWORD}" - }, - "httpNodeRoot": "/", - "httpNodeAuth": { - "user": "${HTTP_NODE_USER}", - "pass": "${HTTP_NODE_PASSWORD}" - }, - "uiHost": "0.0.0.0", - "version": "0.9.1", - "performGitPull": "N" -} 
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties deleted file mode 100644 index 01edb4d411..0000000000 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} -org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}} -org.onap.ccsdk.sli.jdbc.user=${DB_USER} -org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD} diff --git a/kubernetes/common/dgbuilder/templates/NOTES.txt b/kubernetes/common/dgbuilder/templates/NOTES.txt deleted file mode 100644 index 27db4f3535..0000000000 --- a/kubernetes/common/dgbuilder/templates/NOTES.txt +++ /dev/null 
@@ -1,25 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE -# -# Full license text at https://creativecommons.org/licenses/by/4.0/legalcode - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml deleted file mode 100644 index 05699e6107..0000000000 --- a/kubernetes/common/dgbuilder/templates/configmap.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml deleted file mode 100644 index ab0b21c5b6..0000000000 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - - name: HTTP_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} - - name: HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} - - name: HTTP_ADMIN_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} - - name: HTTP_ADMIN_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "admin-creds" "key" "password") | indent 10 }} - - name: HTTP_NODE_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} - - name: HTTP_NODE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} - - name: REST_CONF_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} - - name: REST_CONF_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: config-input - - mountPath: /config - name: config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /app/ready.py - args: - - --service-name - - {{ .Values.config.dbServiceName }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] - ports: {{- include "common.containerPorts" . 
| indent 10 }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: SDNC_CONFIG_DIR - value: /opt/onap/sdnc/data/properties - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: config - mountPath: /opt/app/application.properties - subPath: application.properties - - name: config - mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/conf/svclogic.properties - subPath: svclogic.properties - - name: config - mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties - subPath: svclogic.properties - - name: config - mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js - subPath: customSettings.js - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: config-input - configMap: - name: {{ include "common.fullname" . }}-config - - name: config - emptyDir: - medium: Memory - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml deleted file mode 100644 index 4392308e38..0000000000 --- a/kubernetes/common/dgbuilder/templates/ingress.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{/* -# Copyright © 2020 Samsung, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{ include "common.ingress" . }} diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml deleted file mode 100644 index 4b4849980c..0000000000 --- a/kubernetes/common/dgbuilder/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/common/dgbuilder/templates/service.yaml b/kubernetes/common/dgbuilder/templates/service.yaml deleted file mode 100644 index 53f04104d9..0000000000 --- a/kubernetes/common/dgbuilder/templates/service.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml deleted file mode 100644 index 68cb86bd7e..0000000000 --- a/kubernetes/common/dgbuilder/values.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Global configuration default values that can be inherited by -# all subcharts. -################################################################# -global: - # Change to an unused port prefix range to prevent port conflicts - # with other instances running within the same k8s cluster - nodePortPrefix: 302 - - # image pull policy - pullPolicy: Always - - # default mount path root directory referenced - # by persistent volumes and log files - persistence: - mountPath: /dockerdata-nfs - - # flag to enable debugging - application support required - debugEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: 'db-root-password' - type: password - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - password: '{{ .Values.config.db.rootPassword }}' - - uid: 'db-user-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - - uid: 'http-user-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . 
}}' - login: '{{ .Values.config.httpUser }}' - password: '{{ .Values.config.dgUserPassword }}' - - uid: 'admin-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}' - login: '{{ .Values.config.adminUser }}' - password: '{{ .Values.config.dgUserPassword }}' - - uid: 'node-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}' - login: '{{ .Values.config.nodeUser }}' - password: '{{ .Values.config.dgUserPassword }}' - - uid: 'restconf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' - login: '{{ .Values.config.restconfUser }}' - password: '{{ .Values.config.restconfPassword }}' - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/ccsdk-dgbuilder-image:1.5.1 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - db: - dbName: sdnctl - # unused for now to preserve the API - rootPassword: openECOMP1.0 - # rootPasswordExternalSecret: some secret - userName: sdnctl - # unused for now to preserve the API - userPassword: gamma - # userCredentialsExternalSecret: some secret - httpUser: dguser - # unused for now to preserve the API - httpPassword: cc03e747a6afbbcbf8be7668acfebee5 - # httpCredsExternalSecret: some secret - adminUser: dguser - # unused for now to preserve the API - adminPassword: cc03e747a6afbbcbf8be7668acfebee5 - # adminCredsExternalSecret: some secret - nodeUser: dguser - # unused for now to preserve the API - nodePassword: cc03e747a6afbbcbf8be7668acfebee5 - # nodeCredsExternalSecret: some secret - restconfUser: admin - # unused for now to preserve the API - restconfPassword: admin - # restconfCredsExternalSecret: some secret - - dbPodName: 
mysql-db - dbServiceName: sdnc-dbhost - # MD5 hash of dguser password ( default: test123 ) - dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: dgbuilder - internalPort: 3100 - ports: - - name: http - port: 3100 - nodePort: 28 - -ingress: - enabled: false - service: - - baseaddr: "dgbuilder" - name: "dgbuilder" - port: 3100 - config: - ssl: "redirect" - -#Resource Limit flavor -By Default using small -flavor: small -#segregation for different envionment (Small and Large) - -resources: - small: - limits: - cpu: "2" - memory: "4Gi" - requests: - cpu: "1" - memory: "2Gi" - large: - limits: - cpu: "4" - memory: "8Gi" - requests: - cpu: "2" - memory: "4Gi" - unlimited: {} - -podAnnotations: - # Workarround to exclude K8S API from istio communication - # as init-container (readinessCheck) does not work with the - # Istio CNI plugin, see: - # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) - traffic.sidecar.istio.io/excludeOutboundPorts: "443" - -#Pods Service Account -serviceAccount: - nameOverride: dgbuilder - roles: - - read diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml index f77a8ec8ba..71f912e201 100644 --- a/kubernetes/common/etcd-init/templates/job.yaml +++ b/kubernetes/common/etcd-init/templates/job.yaml 
@@ -99,10 +99,6 @@ spec: value: "{{ .Values.config.appRole }}" - name: KEY_PREFIX value: "{{ .Values.config.keyPrefix }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true resources: {{ include "common.resources" . | nindent 10 }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} @@ -112,9 +108,5 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: localtime - hostPath: - path: /etc/localtime restartPolicy: Never {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/mariadb-galera/Chart.yaml b/kubernetes/common/mariadb-galera/Chart.yaml index 470e64b5f1..c5bb0aaf94 100644 --- a/kubernetes/common/mariadb-galera/Chart.yaml +++ b/kubernetes/common/mariadb-galera/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: Chart for MariaDB Galera cluster name: mariadb-galera -version: 13.1.0 +version: 13.2.0 keywords: - mariadb - mysql diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index f2128693e8..877e6faaa6 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -164,16 +164,10 @@ spec: name: tmp-data - mountPath: /opt/bitnami/mariadb/tmp name: tmp - - mountPath: /etc/localtime - name: localtime - readOnly: true - name: backup-dir mountPath: /backup {{- include "common.imagePullSecrets" . | nindent 10 }} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: data persistentVolumeClaim: {{- if .Values.persistence.existingClaim }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 9a27e605d8..3d9725cb43 100644 --- a/kubernetes/common/mariadb-galera/values.yaml 
+++ b/kubernetes/common/mariadb-galera/values.yaml @@ -56,16 +56,16 @@ secrets: mariadbOperator: image: mariadb - appVersion: 11.1.2 + appVersion: 11.2.2 persistence: #storageClassName: default size: 3Gi galera: enabled: true - agentImage: mariadb-operator/agent - agentVersion: v0.0.3 - initImage: mariadb-operator/init - initVersion: v0.0.6 + agentImage: mariadb-operator/mariadb-operator + agentVersion: v0.0.27 + initImage: mariadb-operator/mariadb-operator + initVersion: v0.0.27 ## String to partially override common.names.fullname template (will maintain the release name) ## @@ -99,7 +99,7 @@ podAnnotations: # sidecar.istio.io/inject: "false" traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568" traffic.sidecar.istio.io/includeInboundPorts: '*' - traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568" + traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568,443" mariadbOpConfiguration: |- [mysqld] diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 0edb8e936b..4bb142d001 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -74,9 +74,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - name: mariadb-init mountPath: /db_init/ {{- if or .Values.dbScriptConfigMap .Values.dbScript }} @@ -95,9 +92,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime {{- if or .Values.dbScriptConfigMap .Values.dbScript }} - name: mariadb-conf configMap: diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml index 31e04f0e2c..cff8f947f8 100644 
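Review bot: Adding `443` to `traffic.sidecar.istio.io/excludeOutboundPorts` in the `@@ -99,7 +99,7 @@` hunk takes every outbound connection to port 443 from these pods out of the Istio sidecar, not only the Kubernetes API calls it is presumably meant for, so mesh mTLS, egress policy and telemetry no longer apply to that traffic. Other values files in this diff carry a comment explaining the same exclusion as a workaround for init containers under the Istio CNI plugin; this one has none. I would add above the annotation: `# 443 is excluded so the operator's init/agent containers can reach the K8s API with the Istio CNI plugin; this bypasses the sidecar for all outbound 443 traffic`. If the API server address is known at deploy time, `traffic.sidecar.istio.io/excludeOutboundIPRanges` would be a narrower exclusion than a port; whether that is feasible here needs confirming.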
--- a/kubernetes/common/mariadb-init/tests/job_test.yaml +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -36,7 +36,7 @@ tests: content: mariadb-galera - equal: path: spec.template.spec.initContainers[0].image - value: nexus3.onap.org:10001/onap/oom/readiness:6.0.2 + value: nexus3.onap.org:10001/onap/oom/readiness:6.0.3 - equal: path: spec.template.spec.initContainers[0].imagePullPolicy value: IfNotPresent diff --git a/kubernetes/common/mongodb/Chart.yaml b/kubernetes/common/mongodb/Chart.yaml index 73c8bab5c2..2d6bf4bb4f 100644 --- a/kubernetes/common/mongodb/Chart.yaml +++ b/kubernetes/common/mongodb/Chart.yaml @@ -16,7 +16,7 @@ annotations: - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 -appVersion: 7.0.5 +appVersion: 7.0.8 dependencies: - name: common repository: 'file://./common' @@ -40,4 +40,4 @@ maintainers: name: mongodb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb -version: 14.12.2 +version: 14.12.3 diff --git a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml index 269863f3ec..041b0cb51d 100644 --- a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml @@ -254,6 +254,9 @@ spec: - name: empty-dir mountPath: /opt/bitnami/mongodb/logs subPath: app-logs-dir + - name: empty-dir + mountPath: /bitnami/mongodb + subPath: app-volume-dir {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }} - name: config mountPath: /opt/bitnami/mongodb/conf/mongodb.conf diff --git a/kubernetes/common/mongodb/templates/backup/cronjob.yaml b/kubernetes/common/mongodb/templates/backup/cronjob.yaml index 79466e919e..2e884b14b9 100644 --- a/kubernetes/common/mongodb/templates/backup/cronjob.yaml +++ b/kubernetes/common/mongodb/templates/backup/cronjob.yaml 
@@ -166,14 +166,16 @@ spec: restartPolicy: {{ .Values.backup.cronjob.restartPolicy }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} defaultMode: 0550 {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: diff --git a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml index 5b2a807d84..08a55ebd06 100644 --- a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml @@ -514,7 +514,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} @@ -531,7 +532,8 @@ spec: {{- end }} {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - name: shared - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} - name: scripts configMap: @@ -542,7 +544,8 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: @@ -568,8 +571,10 @@ spec: {{- if .Values.hidden.persistence.medium }} emptyDir: medium: {{ .Values.hidden.persistence.medium | quote }} + sizeLimit: 64Mi {{- else }} - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} {{- else }} volumeClaimTemplates: diff --git a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml index 55158e8fb0..b171eca005 100644 --- a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml 
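Review bot: The `sizeLimit: 64Mi` added in the `@@ -568,8 +571,10 @@` hunk of hidden/statefulset.yaml lands on what looks like the data volume used when persistence is disabled (the branch just before `volumeClaimTemplates`), and a MongoDB data directory will normally outgrow 64Mi, at which point the kubelet evicts the pod. The same applies to `@@ -566,8 +569,10 @@` in replicaset/statefulset.yaml and `@@ -481,8 +483,10 @@` in standalone/dep-sts.yaml; with `medium: Memory` the usage also counts against the container memory limit. The 64Mi cap is reasonable for the `empty-dir`, `certs` and `shared` scratch volumes, but the data volume should take its limit from values, e.g. `sizeLimit: {{ .Values.hidden.persistence.size | quote }}` (and `.Values.persistence.size` in the other two templates). The volume name is outside the hunk, so confirm it is the datadir before changing it.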
+++ b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml @@ -512,7 +512,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} @@ -529,7 +530,8 @@ spec: {{- end }} {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} - name: shared - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} - name: scripts configMap: @@ -540,7 +542,8 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: @@ -566,8 +569,10 @@ spec: {{- if .Values.persistence.medium }} emptyDir: medium: {{ .Values.persistence.medium | quote }} + sizeLimit: 64Mi {{- else }} - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} {{- else }} {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} diff --git a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml index 29dd406bca..6f63f0be5b 100644 --- a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml +++ b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml @@ -437,7 +437,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} @@ -457,7 +458,8 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: 
@@ -481,8 +483,10 @@ spec: {{- if .Values.persistence.medium }} emptyDir: medium: {{ .Values.persistence.medium | quote }} + sizeLimit: 64Mi {{- else }} - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- end }} {{- else if .Values.persistence.existingClaim }} - name: {{ .Values.persistence.name | default "datadir" }} diff --git a/kubernetes/common/mongodb/values.yaml b/kubernetes/common/mongodb/values.yaml index 8d995ce973..9612859392 100644 --- a/kubernetes/common/mongodb/values.yaml +++ b/kubernetes/common/mongodb/values.yaml @@ -120,7 +120,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mongodb - tag: 7.0.5-debian-12-r5 + tag: 7.0.8-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -246,7 +246,7 @@ tls: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.4-debian-12-r1 + tag: 1.25.4-debian-12-r7 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -571,15 +571,17 @@ podSecurityContext: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) containers' resource requests and limits. @@ -834,7 +836,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.2-debian-12-r1 + tag: 1.29.3-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
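Review bot: In the `@@ -571,15 +571,17 @@` hunk the drop list becomes `ALL` plus `CAP_NET_RAW`, but `ALL` already removes NET_RAW, and Kubernetes documents capability names without the `CAP_` prefix, so the extra entry adds no protection and may be handled differently across container runtimes. The same list is repeated in the `backup`, `arbiter` and `hidden` containerSecurityContext hunks further down. I would keep `drop: ["ALL"]`, or, if the second entry exists to satisfy an admission-policy check, write it as `- NET_RAW` with a comment such as `# listed explicitly for the cluster policy check; ALL already covers it`. Separately, `readOnlyRootFilesystem: true` together with `runAsGroup: 1001` relies on every path the image writes to being a mounted volume; only the arbiter template gains a `/bitnami/mongodb` mount in this diff, so the other pod templates are worth a test install.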
@@ -1203,15 +1205,17 @@ backup: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## @param backup.cronjob.command Set backup container's command to run @@ -1382,7 +1386,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 12-debian-12-r15 + tag: 12-debian-12-r18 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1429,7 +1433,7 @@ volumePermissions: ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container ## securityContext: - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 0 ## @section Arbiter parameters ## @@ -1603,15 +1607,17 @@ arbiter: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) Arbiter containers' resource requests and limits. @@ -1946,15 +1952,17 @@ hidden: ## containerSecurityContext: enabled: true - seLinuxOptions: null + seLinuxOptions: {} runAsUser: 1001 - runAsGroup: 0 + runAsGroup: 1001 runAsNonRoot: true privileged: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) Hidden containers' resource requests and limits. 
@@ -2180,7 +2188,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.40.0-debian-12-r11 + tag: 0.40.0-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/kubernetes/common/network-name-gen/Chart.yaml b/kubernetes/common/network-name-gen/Chart.yaml deleted file mode 100644 index 88336f49c3..0000000000 --- a/kubernetes/common/network-name-gen/Chart.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Name Generation Micro Service
-name: network-name-gen
-version: 13.0.0
-
-dependencies:
- - name: common
- version: ~13.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~13.x-0
- repository: 'file://../repositoryGenerator'
- - name: mariadb-galera
- version: ~13.x-0
- repository: 'file://../mariadb-galera'
- condition: global.mariadbGalera.localCluster
- - name: mariadb-init
- version: ~13.x-0
- repository: 'file://../mariadb-init'
- condition: global.mariadbGalera.globalCluster
- - name: serviceAccount
- version: ~13.x-0
- repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/network-name-gen/resources/config/aai_keystore b/kubernetes/common/network-name-gen/resources/config/aai_keystore Binary files differdeleted file mode 100644 index 83cae95273..0000000000 --- a/kubernetes/common/network-name-gen/resources/config/aai_keystore +++ /dev/null diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml deleted file mode 100644 index 6bba995b11..0000000000 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ /dev/null 
@@ -1,120 +0,0 @@ -{{/* -# Copyright (C) 2018 AT&T Intellectual Property. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: -{{- if .Values.global.mariadbGalera.localCluster }} - - --app-name - - {{ index .Values "mariadb-galera" "nameOverride" }} -{{- else }} - - --job-name - - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job -{{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - command: - - bash - args: - - '-c' - - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh' - image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: SPRING_PROFILE - value: "{{ .Values.config.springProfile }}" - - name: NENG_DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} - - name: NENG_DB_PASS - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} - - name: NENG_DB_URL - value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }} - - name: POL_CLIENT_AUTH - value: "{{ .Values.config.polClientAuth }}" - - name: POL_BASIC_AUTH_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}} - - name: POL_BASIC_AUTH_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}} - - name: POL_URL - {{- if (include "common.needTLS" .) }} - value: "{{ .Values.config.polUrl.https }}" - {{- else }} - value: "{{ .Values.config.polUrl.http }}" - {{- end }} - - name: POL_ENV - value: "{{ .Values.config.polEnv }}" - - name: POL_REQ_ID - value: "{{ .Values.config.polReqId }}" - - name: AAI_CERT_PASS - value: "{{ .Values.config.aaiCertPass }}" - - name: AAI_CERT_PATH - value: "{{ .Values.config.aaiCertPath }}" - - name: AAI_URI - {{- if (include "common.needTLS" .) }} - value: "{{ .Values.config.aaiUri.https }}" - {{- else }} - value: "{{ .Values.config.aaiUri.http }}" - {{- end }} - - name: AAI_AUTH - value: "{{ .Values.config.aaiAuth }}" - - name: DISABLE_HOST_VERIFICATION - value: "{{ .Values.config.disableHostVerification }}" - volumeMounts: - - name: certs - mountPath: /opt/etc/config/aai_keystore - subPath: aai_keystore - readOnly: true - resources: {{ include "common.resources" . 
| nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: certs - secret: - secretName: {{ include "common.release" . }}-aai-keystore - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/network-name-gen/templates/secrets.yaml b/kubernetes/common/network-name-gen/templates/secrets.yaml deleted file mode 100644 index 61b83d7a9b..0000000000 --- a/kubernetes/common/network-name-gen/templates/secrets.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -# Copyright (c) 2018 Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} ---- -apiVersion: v1 -data: -{{ tpl (.Files.Glob "resources/config/aai_keystore").AsSecrets . | indent 2 }} -metadata: - name: {{ include "common.release" . }}-aai-keystore - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -kind: Secret -type: Opaque 
diff --git a/kubernetes/common/network-name-gen/templates/service.yaml b/kubernetes/common/network-name-gen/templates/service.yaml deleted file mode 100644 index aac71f7eb3..0000000000 --- a/kubernetes/common/network-name-gen/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright (C) 2018 AT&T Intellectual Property. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app.kubernetes.io/name: {{ include "common.name" . }} - app.kubernetes.io/instance: {{ include "common.release" . }} - 
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml deleted file mode 100644 index 0b62705474..0000000000 --- a/kubernetes/common/network-name-gen/values.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ -# Copyright (C) 2018 AT&T Intellectual Property. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Global configuration default values that can be inherited by -# all subcharts. -################################################################# -global: - - # Change to an unused port prefix range to prevent port conflicts - # with other instances running within the same k8s cluster - nodePortPrefix: 302 - - # image pull policy - pullPolicy: IfNotPresent - - mariadbGalera: &mariadbGalera - # flag to enable the DB creation via mariadb-operator - useOperator: true - #This flag allows SO to instantiate its own mariadb-galera cluster - #When changing it to "true", also set "globalCluster: false" - #as the dependency check will not work otherwise (Chart.yaml) - localCluster: false - globalCluster: true - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: neng-db-secret - name: &dbUserSecretName '{{ include "common.release" . }}-neng-db-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.externalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - - uid: pol-basic-auth-secret - name: '{{ include "common.release" . 
}}-pol-basic-auth-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}' - login: '{{ .Values.config.polBasicAuthUser }}' - password: '{{ .Values.config.polBasicAuthPassword }}' - -# sub-chart config -mariadb-galera: - db: - user: sdnctl - # password: - externalSecret: *dbUserSecretName - name: &mysqlDbName nengdb - nameOverride: nengdb - service: - name: nengdb - portName: nengdbport - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - - persistence: - enabled: true - mountSubPath: network-name-gen/data - -mariadb-init: - config: - userCredentialsExternalSecret: *dbUserSecretName - mysqlDatabase: *mysqlDbName - nameOverride: nengdb-init - serviceAccount: - nameOverride: nengdb-init - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/ccsdk-apps-ms-neng:1.4.0 -pullPolicy: IfNotPresent - -# application configuration -config: - db: - userName: nenguser - # userPassword: password - # userCredentialsExternalSecret: some-secret - springProfile: live - polClientAuth: cHl0aG9uOnRlc3Q= - polBasicAuthUser: healthcheck - polBasicAuthPassword: zb!XztG34 - polUrl: - https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision - http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision - polEnv: TEST - polReqId: xx - disableHostVerification: true - aaiCertPass: changeit - aaiCertPath: /opt/etc/config/aai_keystore - aaiAuth: QUFJOkFBSQ== - aaiUri: - https: https://aai:8443/aai/v14/ - http: http://aai:80/aai/v14/ - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - 
initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: neng-serv - portName: http - internalPort: 8080 - externalPort: 8080 - -ingress: - enabled: false - -resources: {} - -podAnnotations: - # Workarround to exclude K8S API from istio communication - # as init-container (readinessCheck) does not work with the - # Istio CNI plugin, see: - # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) - traffic.sidecar.istio.io/excludeOutboundPorts: "443" - -#Pods Service Account -serviceAccount: - nameOverride: network-name-gen - roles: - - read
\ No newline at end of file diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 348dda517a..cc7d410eb2 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -76,9 +76,6 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /config-input/setup.sql name: config subPath: setup.sql @@ -96,9 +93,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index aae5da9195..ff701a2c10 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -222,9 +222,6 @@ spec: {{ toYaml $dot.Values.affinity | indent 10 }} {{- end }} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: {{ include "common.fullname" $dot }}-backup emptyDir: {} - name: {{ include "common.fullname" $dot }}-data diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 3b1acd9946..da10d82035 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml 
@@ -39,10 +39,10 @@ global: mariadbImage: bitnami/mariadb:10.5.8 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 - readinessImage: onap/oom/readiness:6.0.2 + readinessImage: onap/oom/readiness:6.0.3 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15 - quitQuitImage: onap/oom/readiness:6.0.2 + quitQuitImage: onap/oom/readiness:6.0.3 # Default credentials # they're optional. If the target repository doesn't need them, comment them |