diff options
Diffstat (limited to 'kubernetes/sdc')
24 files changed, 314 insertions, 116 deletions
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index 87fed417e6..84f6d0b51d 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml @@ -13,23 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: {{ include "common.name" . }}-readiness @@ -60,19 +51,41 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: path: /sdc2/rest/healthCheck - port: {{ .Values.service.internalPort }} - scheme: HTTPS + port: {{ .Values.liveness.port }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -84,8 +97,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME value: {{ .Values.global.env.name }} @@ -98,8 +110,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -128,6 +146,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -140,7 +161,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml index 4b5ec51976..a4b44a1a54 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml @@ -18,18 +18,16 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-config-backend namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: backoffLimit: 20 template: metadata: labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + app.kubernetes.io/name: {{ include "common.name" . }}-job + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} spec: restartPolicy: Never initContainers: diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/charts/sdc-be/templates/service.yaml index 39e1d77642..a0d0f5b438 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/service.yaml @@ -13,54 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc", - "version": "v1", - "url": "/sdc/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange":"1" - }, - { - "serviceName": "sdc-deprecated", - "version": "v1", - "url": "/sdc/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange":"1", - "path":"/sdc/v1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index b6bc635071..a40b27d2aa 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.3 -backendInitImage: onap/sdc-backend-init:1.6.3 +image: onap/sdc-backend:1.6.4 +backendInitImage: onap/sdc-backend-init:1.6.4 pullPolicy: Always # flag to enable debugging - application support required @@ -53,6 +53,7 @@ liveness: timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container + port: api enabled: true readiness: @@ -63,22 +64,35 @@ readiness: service: type: NodePort name: sdc-be - portName: sdc-be - nodePort: "04" - internalPort: 8443 - externalPort: 8443 - nodePort2: "05" - internalPort2: 8080 - externalPort2: 8080 + both_tls_and_plain: true + msb: + - port: 8080 + url: "/sdc/v1" + version: "v1" + protocol: "REST" + visualRange: "1" + serviceName: sdc + - port: 8080 + url: "/sdc/v1" + version: "v1" + protocol: "REST" + visualRange: "1" + serviceName: sdc-deprecated + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: '04' ingress: enabled: false service: - baseaddr: "sdcbe" name: "sdc-be" - port: 8080 + port: 8443 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index ddc194654d..6c63927cf5 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.3 -cassandraInitImage: onap/sdc-cassandra-init:1.6.3 +image: onap/sdc-cassandra:1.6.4 +cassandraInitImage: onap/sdc-cassandra-init:1.6.4 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml index 6072148d07..de80c7a0de 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml @@ -59,7 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -91,8 +114,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -132,6 +161,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -144,7 +176,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index 051c076ea1..d1fe131f82 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -27,9 +27,9 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.3 +image: onap/dcae-be:1.3.4 pullPolicy: Always -backendInitImage: onap/dcae-tools:v1.3.3 +backendInitImage: onap/dcae-tools:1.3.4 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml index f3c44f0e54..77a835ccb7 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml @@ -59,6 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,8 +113,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -126,6 +156,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -138,7 +171,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index c3a2159d2e..ad46842393 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.3.3 +image: onap/dcae-dt:1.3.4 pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml index a70f485153..d5861fadfc 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml @@ -59,6 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,8 +113,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -130,6 +160,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -142,7 +175,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index 28181d1c6a..b6572f5d3d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.3 +image: onap/dcae-fe:1.3.4 pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml index 8e19489f9a..7a11ef927e 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml @@ -46,6 +46,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -79,8 +103,14 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -112,6 +142,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -128,7 +161,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index 64ccaa81b1..f5d1956f18 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.3 +image: onap/sdc-frontend:1.6.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 75779a319c..3db3685b86 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -46,6 +46,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -93,8 +117,14 @@ spec: - name: SDC_CERT_DIR value: {{ .Values.cert.certDir }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -125,6 +155,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -137,6 +170,8 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 + - name: sdc-environments-output + emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-cert-storage diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index b15f784dee..946cb3491f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3 +image: onap/sdc-onboard-backend:1.6.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 7490b47cef..be2eeb6e96 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -115,5 +115,16 @@ spec: - name: SERVER_SSL_TRUST_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} + volumeMounts: + - name: sdc-cert + mountPath: /keystore + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /truststore + subPath: org.onap.sdc.trust.jks + volumes: + - name: sdc-cert + secret: + secretName: sdc-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 78fdb32dcc..8bab2c84ea 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.2 -configInitImage: onap/workflow-init:1.6.2 +image: onap/workflow-backend:1.6.4 +configInitImage: onap/workflow-init:1.6.4 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index f419d61291..180c427f1e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -90,6 +90,12 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true + - name: sdc-cert + mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -116,6 +122,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 6b0669b5b6..359c33ab61 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.2 +image: onap/workflow-frontend:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 Binary files differnew file mode 100644 index 0000000000..446856071b --- /dev/null +++ b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks Binary files differnew file mode 100644 index 0000000000..e6686cc08c --- /dev/null +++ b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 57d774e59b..2bd165b723 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -104,6 +104,10 @@ "username": "user1@sdc.com", "password": "password==" } + }, + "jetty": { + "keystore_pwd": "${KEYSTORE_PASS}", + "truststore_pwd": "${TRUSTSTORE_PASS}" } } } diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index ba2ec86951..6187104ce6 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -35,4 +35,18 @@ data: truststore_password: "{{ .Values.global.secrets.truststore_password }}" keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow - wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
\ No newline at end of file + wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" +--- +apiVersion: v1 +kind: Secret +metadata: + name: sdc-cert + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index dfbd8c80df..5701a91f27 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -23,8 +23,8 @@ global: #Should be the password of shared cassandra instance/chart cs_password: Y2Fzc2FuZHJh cs_truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq - truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq - keystore_password: IXBwSi5KdlduMGhHaClvVkZdKFtLdile + truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw + keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 @@ -41,6 +41,7 @@ global: dataCenter: Pod security: disableHttp: true + envsubstImage: dibi/envsubst config: logstashServiceName: log-ls logstashPort: 5044 |