diff options
Diffstat (limited to 'kubernetes/dcaegen2')
30 files changed, 232 insertions, 103 deletions
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 6de75c96d7..d0413192c8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -41,15 +41,20 @@ }, "external_cert": { - "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}", - "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}", - "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}", - "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}", - "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}", - "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}", - "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", - "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}", - "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}", - "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}" + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}", + "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}", + "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}", + "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}", + "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}", + "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}", + "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", + "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}", + "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}", + "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", + "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" + }, + "truststore_merger": + { + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" } } diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index a0cbbbdba2..f571affec0 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -1,6 +1,7 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +20,9 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }} {{ end }} use_tls: true -security_ssl_disable: false
\ No newline at end of file +security_ssl_disable: false +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-hv-ves-collector" +external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml index 5074cb8a7f..02e4dd68fd 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml @@ -19,4 +19,4 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }} {{ end }} tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" -tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/" +tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index 5a2a595ca6..4ff23b7b2d 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -30,4 +30,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" +external_cert_ca_name: "RA" +external_cert_common_name: "dcae-ves-collector" +external_cert_sans: "dcae-ves-collector:ves-collector:ves" +external_cert_cert_type: "JKS" +external_cert_use_external_tls: false diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml index dda75dd874..0cbe71a224 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml @@ -31,3 +31,7 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/ ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/" +ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/" +ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/" +ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index 5c96138b03..4d10bcc0c9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,10 +56,10 @@ spec: name: {{ include "common.name" . }}-update-config - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-cloudify-manager @@ -128,10 +128,7 @@ spec: - name: CMADDR value: {{ .Values.config.address.cm.host }} - name: CMPASS - valueFrom: - secretKeyRef: - name: {{ include "common.name" . }}-cmpass - key: password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}} - name: CMPROTO value: {{ .Values.config.address.cm.proto }} - name: CMPORT diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index 44395e48e8..6489659d86 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,18 +16,4 @@ # limitations under the License. # ============LICENSE_END========================================================= -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.name" . }}-cmpass - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - password: YWRtaW4= ---- {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 5bce55ae6c..f35a6863d4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -22,8 +22,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -37,6 +36,10 @@ secrets: externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' password: '{{ .Values.postgres.config.pgRootpassword }}' policy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' config: logstashServiceName: log-ls @@ -105,7 +108,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -114,10 +117,10 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.6 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index b5bb66b8c0..428c7816cd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,10 +46,10 @@ spec: - "dcae-cloudify-manager" initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - aaf-cm @@ -68,7 +69,6 @@ spec: - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} - restartPolicy: Never - name: init-tls env: - name: POD_IP @@ -116,6 +116,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: @@ -123,6 +124,7 @@ spec: - /scripts/readiness-check.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} volumeMounts: - mountPath: /opt/onap/config.txt subPath: config.txt @@ -144,6 +146,9 @@ spec: name: cm-persistent - mountPath: /opt/onap/certs name: tls-info + - mountPath: /opt/onap/cm-secrets + name: cm-secrets + readOnly: true securityContext: privileged: True volumes: @@ -171,5 +176,8 @@ spec: {{- end }} - emptyDir: {} name: tls-info + - name: cm-secrets + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml index 57cbe89cc1..960ec786b2 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml @@ -1,3 +1,4 @@ +{{/* #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. @@ -15,7 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= - +*/}} {{ if .Values.dcae_ns}} # Create the namespace apiVersion: v1 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml index dee9200eff..876b971db1 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml @@ -41,3 +41,5 @@ metadata: annotations: kubernetes.io/service-account.name: default type: kubernetes.io/service-account-token +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index f5d1ffe1ed..0de6f03b72 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -1,7 +1,8 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2020 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,8 +23,7 @@ global: nodePortPrefix: 302 persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -32,7 +32,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -46,7 +54,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.3 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -62,6 +70,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0. liveness: initialDelaySeconds: 10 periodSeconds: 10 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container # liveness not desirable for Cloudify Manager container @@ -69,7 +78,13 @@ liveness: readiness: initialDelaySeconds: 60 - periodSeconds: 10 + # In some environments we see CM coming up + # properly but readiness probe timing out. + # Increasing the timeout and adjusting the + # period so it's longer than the timeout. + # (DCAEGEN2-2465) + periodSeconds: 30 + timeoutSeconds: 10 service: type: ClusterIP diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 959c7f4826..e0e45c457a 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -38,10 +38,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - consul-server @@ -89,7 +89,7 @@ spec: port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTPS" @@ -139,7 +139,7 @@ spec: port: {{ .Values.service.insecure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{ end }} readinessProbe: httpGet: scheme: "HTTP" diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index a27fba52ae..a7be74a7ad 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -21,8 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -45,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index 9765b62ae2..404927cda8 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,10 +38,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-cloudify-manager @@ -105,7 +105,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: - - mountPath: /usr/local/share/ca-certificates/ + - mountPath: /opt/app/osaaf/ name: tls-info - mountPath: /opt/logs/dcae/dashboard name: component-log @@ -119,7 +119,7 @@ spec: - name: postgres_port value: "{{ .Values.postgres.config.pgPort }}" - name: cloudify_password - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: dhandler_url value: {{ .Values.config.dhandler_url }} - name: cfy_url diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml index b143034d8f..34932b713d 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -1,16 +1,17 @@ {{/* # Copyright © 2020 Samsung Electronics -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} + {{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 8e3f94dc64..a86a1eed49 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -20,8 +20,7 @@ ################################################################# global: nodePortPrefixExt: 304 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -35,8 +34,14 @@ secrets: login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 dhandler_url: https://deployment-handler:8443 @@ -53,7 +58,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 1a96bffa86..88ec5cbe66 100755 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -39,10 +39,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-cloudify-manager @@ -124,7 +124,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: NODE_EXTRA_CA_CERTS diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index 8a3440dae5..7e340db628 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -20,8 +20,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -32,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities @@ -46,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index a818435a03..d25889e028 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -22,8 +22,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index 29d6207c9b..a39c4d27a1 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -57,10 +57,10 @@ spec: name: {{ include "common.name" . }}-update-config - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - {{ .Values.postgres.nameOverride }} diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index a26ae5d196..3fec537716 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -20,8 +20,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -54,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index f7492e03c9..61084fa26c 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,10 +38,10 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - dcae-deployment-handler @@ -117,7 +117,7 @@ spec: - name: CLOUDIFY_USER value: admin - name: CLOUDIFY_PASSWORD - value: admin + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }} - name: CONFIG_BINDING_SERVICE value: config-binding-service - name: POD_IP diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 717497f4d4..4a587d82eb 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -20,8 +20,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 @@ -32,7 +31,15 @@ global: user: docker password: docker +secrets: + - uid: 'cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + policy: required + config: + cloudifyManagerPassword: "override me" logstashServiceName: log-ls logstashPort: 5044 # Addresses of other ONAP entities diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml index d880433ef3..cd09e96217 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml @@ -38,17 +38,17 @@ spec: spec: initContainers: - name: {{ include "common.name" . }}-readiness - image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /root/ready.py + - /app/ready.py args: - --container-name - "dcae-inventory-api" - --container-name - "message-router" - --container-name - - "sdc-dcae-be" + - "sdc-be" - "-t" - "45" env: diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml index 92206f7e2f..4b5896e45f 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml @@ -20,8 +20,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 + readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 diff --git a/kubernetes/dcaegen2/templates/secrets.yaml b/kubernetes/dcaegen2/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 939bd115a4..1918a8fea7 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,22 +26,47 @@ global: busyboxRepository: docker.io busyboxImage: library/busybox:1.30 +################################################################# +# Secrets metaconfig +################################################################# +secrets: +- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}' + password: '{{ .Values.config.cloudifyManagerPassword }}' + +config: {} + +# To work around DCAEGEN2-2450, set password strength to "basic" +# to ensure password contains only alphanumerics +passwordStrengthOverride: basic + # Enable all DCAE components by default dcae-bootstrap: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-cloudify-manager: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-config-binding-service: enabled: true dcae-dashboard: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-deployment-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-healthcheck: enabled: true dcae-inventory-api: enabled: true dcae-policy-handler: enabled: true + config: + cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: true |