diff options
Diffstat (limited to 'kubernetes/platform')
17 files changed, 330 insertions, 84 deletions
diff --git a/kubernetes/platform/components/chartmuseum/Chart.yaml b/kubernetes/platform/components/chartmuseum/Chart.yaml new file mode 100644 index 0000000000..1aa8d929d5 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Chart Museum +name: chartmuseum +version: 8.0.0 diff --git a/kubernetes/platform/components/chartmuseum/requirements.yaml b/kubernetes/platform/components/chartmuseum/requirements.yaml new file mode 100644 index 0000000000..07ac4b4224 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/requirements.yaml @@ -0,0 +1,29 @@ +#============LICENSE_START======================================================== +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~8.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~8.x-0 + repository: '@local' + - name: readinessCheck + version: ~8.x-0 + repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml new file mode 100644 index 0000000000..cc07f27bb1 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml @@ -0,0 +1,83 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + {{ include "common.podSecurityContext" . | indent 7 | trim}} + initContainers: + - name: volume-permissions + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist + securityContext: + runAsUser: 0 + volumeMounts: + - name: chart-persistent + mountPath: "/chartmuseum-persist" + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 12 | trim }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: {{ .Values.liveness.path }} + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + env: + - name: STORAGE + value: local + - name: STORAGE_LOCAL_ROOTDIR + value: "/chartmuseum-persist" + - name: BASIC_AUTH_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "login") | indent 14 }} + - name: BASIC_AUTH_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "password") | indent 14 }} + volumeMounts: + - mountPath: /chartmuseum-persist + name: chart-persistent + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: chart-persistent + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/pv.yaml b/kubernetes/platform/components/chartmuseum/templates/pv.yaml new file mode 100644 index 0000000000..a05ebfb207 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/pv.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.PV" . }}
\ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/pvc.yaml b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml new file mode 100644 index 0000000000..2bd21dde5c --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/pvc.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 AT&T # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.PVC" . }}
\ No newline at end of file diff --git a/kubernetes/platform/components/chartmuseum/templates/secret.yaml b/kubernetes/platform/components/chartmuseum/templates/secret.yaml new file mode 100644 index 0000000000..c8fbd04150 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/secret.yaml @@ -0,0 +1,21 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/platform/components/chartmuseum/templates/service.yaml b/kubernetes/platform/components/chartmuseum/templates/service.yaml new file mode 100644 index 0000000000..40aaa735e2 --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/platform/components/chartmuseum/values.yaml b/kubernetes/platform/components/chartmuseum/values.yaml new file mode 100644 index 0000000000..05a8b1537b --- /dev/null +++ b/kubernetes/platform/components/chartmuseum/values.yaml @@ -0,0 +1,97 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Global values +global: + pullPolicy: Always + persistence: {} + githubContainerRegistry: ghcr.io +image: helm/chartmuseum:v0.13.1 +containerPort: &cont_port 8080 + + +# Secrets Configuration. +secrets: + - uid: registrycred + type: basicAuth + login: '{{ .Values.registryCred.username }}' + password: '{{ .Values.registryCred.password }}' + passwordPolicy: required + + +# service configuration +service: + type: ClusterIP + name: chart-museum + ports: + - port: 80 + internal_port: *cont_port + name: &port http + +chartsMap: + directory: "/charts/components/" + +liveness: + initialDelaySeconds: 30 + periodSeconds: 30 + path: /health + port: *port + enabled: true + +# Below parameter should match setting in all clients +# including contrib\tools\registry-initialize.sh +# which does preload +registryCred: + username: onapinitializer + password: demo123456! + +# Parameters for persistent storage +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 4Gi + mountPath: /dockerdata-nfs + mountSubPath: chartmuseum/data + volumeReclaimPolicy: Retain + + +serviceAccount: + nameOverride: chartmuseum + roles: + - read + +securityContext: + user_id: 2000 + group_id: 3000 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + unlimited: {}
\ No newline at end of file diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml index 0bc24afe86..e8418355d3 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml @@ -56,7 +56,10 @@ spec: description: Path of health check endpoint. type: string certEndpoint: - description: Path of cerfificate signing enpoint. + description: Path of cerfificate signing endpoint. + type: string + updateEndpoint: + description: Path of certificate update endpoint. type: string caName: description: Name of the external CA server configured on CertService API side. diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml index ae4ae81f02..52e35375d3 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml @@ -25,6 +25,7 @@ spec: url: {{ .Values.cmpv2issuer.url }} healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }} certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }} + updateEndpoint: {{ .Values.cmpv2issuer.updateEndpoint }} caName: {{ .Values.cmpv2issuer.caName }} certSecretRef: name: {{ .Values.cmpv2issuer.certSecretRef.name }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml index 8bcbc1f7d0..c49762202b 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml @@ -1,7 +1,7 @@ {{ if .Values.global.cmpv2Enabled }} # ============LICENSE_START======================================================= -# Copyright (c) 2020 Nokia +# Copyright (c) 2020-2021 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,27 +33,11 @@ spec: labels: control-plane: controller-manager spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" initContainers: {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - - name: {{ .Values.deploymentProxy.name }} - image: {{ .Values.deploymentProxy.image }} - imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }} - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - ports: - - containerPort: 8443 - name: https - resources: - limits: - cpu: {{ .Values.deploymentProxy.resources.limits.cpu }} - memory: {{ .Values.deploymentProxy.resources.limits.memory }} - requests: - cpu: {{ .Values.deploymentProxy.resources.requests.cpu }} - memory: {{ .Values.deploymentProxy.resources.requests.memory }} - name: provider image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }} imagePullPolicy: {{ .Values.deployment.pullPolicy }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml deleted file mode 100644 index bc689cc68f..0000000000 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{ if .Values.global.cmpv2Enabled }} - -# ============LICENSE_START======================================================= -# Copyright (c) 2020 Nokia -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "8443" - prometheus.io/scheme: https - prometheus.io/scrape: "true" - labels: - control-plane: controller-manager - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.ports.name }} - port: {{ .Values.service.ports.port }} - targetPort: {{ .Values.service.ports.targetPort }} - selector: - control-plane: controller-manager -{{ end }} diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index 55c4d0beac..2237811465 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020, Nokia +# Copyright © 2020-2021, Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,19 +25,10 @@ global: namespace: onap -# Service configuration -service: - name: oom-certservice-cmpv2issuer-metrics-service - type: ClusterIP - ports: - name: https - port: 8443 - targetPort: https - # Deployment configuration deployment: name: oom-certservice-cmpv2issuer - image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0 proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 # fol local development use IfNotPresent pullPolicy: Always @@ -49,17 +40,6 @@ deployment: requests: cpu: 100m memory: 64Mi -deploymentProxy: - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 - pullPolicy: IfNotPresent - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 50m - memory: 32Mi readinessCheck: wait_for: - oom-cert-service @@ -70,6 +50,7 @@ cmpv2issuer: url: https://oom-cert-service:8443 healthcheckEndpoint: actuator/health certEndpoint: v1/certificate + updateEndpoint: v1/certificate-update caName: RA certSecretRef: name: oom-cert-service-client-tls-secret diff --git a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json index 06e1087f60..5a967f0405 100644 --- a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json +++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json @@ -3,7 +3,7 @@ { "caName": "CLIENT", "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", + "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", "caMode": "CLIENT", "authentication": { "iak": "${CLIENT_IAK}", @@ -13,7 +13,7 @@ { "caName": "RA", "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", + "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", "caMode": "RA", "authentication": { "iak": "${RA_IAK}", @@ -21,4 +21,4 @@ } } ] -}
\ No newline at end of file +} diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index 9a6abd4eb9..8215ed949e 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml @@ -23,6 +23,8 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" volumes: {{- if .Values.global.addTestingComponents }} - name: cmp-servers-template-volume diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 2e149683d7..fbd545c12e 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -34,7 +34,7 @@ service: # Deployment configuration repository: "nexus3.onap.org:10001" -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml index 84ad7f8699..ce3310151f 100644 --- a/kubernetes/platform/requirements.yaml +++ b/kubernetes/platform/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: cmpv2-cert-provider version: ~8.x-0 repository: 'file://components/cmpv2-cert-provider' + - name: chartmuseum + version: ~8.x-0 + repository: 'file://components/chartmuseum'
\ No newline at end of file |