aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/sdc')
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/deployment.yaml67
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/job.yaml12
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/service.yaml52
-rw-r--r--kubernetes/sdc/charts/sdc-be/values.yaml36
-rw-r--r--kubernetes/sdc/charts/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml40
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml37
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml11
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml9
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml2
-rw-r--r--kubernetes/sdc/resources/cert/org.onap.sdc.p12bin0 -> 4443 bytes
-rw-r--r--kubernetes/sdc/resources/cert/org.onap.sdc.trust.jksbin0 -> 1413 bytes
-rwxr-xr-xkubernetes/sdc/resources/config/environments/AUTO.json4
-rw-r--r--kubernetes/sdc/templates/secrets.yaml16
-rw-r--r--kubernetes/sdc/values.yaml5
24 files changed, 314 insertions, 116 deletions
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index 87fed417e6..84f6d0b51d 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -13,23 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
@@ -60,19 +51,41 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
path: /sdc2/rest/healthCheck
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -84,8 +97,7 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
@@ -98,8 +110,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -128,6 +146,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -140,7 +161,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
index 4b5ec51976..a4b44a1a54 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml
@@ -18,18 +18,16 @@ kind: Job
metadata:
name: {{ include "common.fullname" . }}-config-backend
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
backoffLimit: 20
template:
metadata:
labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}-job
+ helm.sh/chart: {{ include "common.chart" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
restartPolicy: Never
initContainers:
diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/charts/sdc-be/templates/service.yaml
index 39e1d77642..a0d0f5b438 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/service.yaml
@@ -13,54 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc",
- "version": "v1",
- "url": "/sdc/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"1"
- },
- {
- "serviceName": "sdc-deprecated",
- "version": "v1",
- "url": "/sdc/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"1",
- "path":"/sdc/v1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index b6bc635071..a40b27d2aa 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.3
-backendInitImage: onap/sdc-backend-init:1.6.3
+image: onap/sdc-backend:1.6.4
+backendInitImage: onap/sdc-backend-init:1.6.4
pullPolicy: Always
# flag to enable debugging - application support required
@@ -53,6 +53,7 @@ liveness:
timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
+ port: api
enabled: true
readiness:
@@ -63,22 +64,35 @@ readiness:
service:
type: NodePort
name: sdc-be
- portName: sdc-be
- nodePort: "04"
- internalPort: 8443
- externalPort: 8443
- nodePort2: "05"
- internalPort2: 8080
- externalPort2: 8080
+ both_tls_and_plain: true
+ msb:
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc-deprecated
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: '04'
ingress:
enabled: false
service:
- baseaddr: "sdcbe"
name: "sdc-be"
- port: 8080
+ port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml
index ddc194654d..6c63927cf5 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.3
-cassandraInitImage: onap/sdc-cassandra-init:1.6.3
+image: onap/sdc-cassandra:1.6.4
+cassandraInitImage: onap/sdc-cassandra-init:1.6.4
pullPolicy: Always
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
index 6072148d07..de80c7a0de 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
@@ -59,7 +59,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
-
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -91,8 +114,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -132,6 +161,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -144,7 +176,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
index 051c076ea1..d1fe131f82 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
@@ -27,9 +27,9 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.3
+image: onap/dcae-be:1.3.4
pullPolicy: Always
-backendInitImage: onap/dcae-tools:v1.3.3
+backendInitImage: onap/dcae-tools:1.3.4
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
index f3c44f0e54..77a835ccb7 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
@@ -59,6 +59,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,8 +113,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -126,6 +156,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -138,7 +171,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
index c3a2159d2e..ad46842393 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.3
+image: onap/dcae-dt:1.3.4
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
index a70f485153..d5861fadfc 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
@@ -59,6 +59,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,8 +113,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -130,6 +160,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -142,7 +175,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
index 28181d1c6a..b6572f5d3d 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.3
+image: onap/dcae-fe:1.3.4
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
index 8e19489f9a..7a11ef927e 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
@@ -46,6 +46,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -79,8 +103,14 @@ spec:
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -112,6 +142,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -128,7 +161,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index 64ccaa81b1..f5d1956f18 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.3
+image: onap/sdc-frontend:1.6.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index 75779a319c..3db3685b86 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -46,6 +46,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -93,8 +117,14 @@ spec:
- name: SDC_CERT_DIR
value: {{ .Values.cert.certDir }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -125,6 +155,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -137,6 +170,8 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-cert-storage
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index b15f784dee..946cb3491f 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
+image: onap/sdc-onboard-backend:1.6.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 7490b47cef..be2eeb6e96 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -115,5 +115,16 @@ spec:
- name: SERVER_SSL_TRUST_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
+ volumeMounts:
+ - name: sdc-cert
+ mountPath: /keystore
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /truststore
+ subPath: org.onap.sdc.trust.jks
+ volumes:
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 78fdb32dcc..8bab2c84ea 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.2
-configInitImage: onap/workflow-init:1.6.2
+image: onap/workflow-backend:1.6.4
+configInitImage: onap/workflow-init:1.6.4
pullPolicy: Always
initJob:
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index f419d61291..180c427f1e 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -90,6 +90,12 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -116,6 +122,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 6b0669b5b6..359c33ab61 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.2
+image: onap/workflow-frontend:1.6.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12
new file mode 100644
index 0000000000..446856071b
--- /dev/null
+++ b/kubernetes/sdc/resources/cert/org.onap.sdc.p12
Binary files differ
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
new file mode 100644
index 0000000000..e6686cc08c
--- /dev/null
+++ b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
Binary files differ
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json
index 57d774e59b..2bd165b723 100755
--- a/kubernetes/sdc/resources/config/environments/AUTO.json
+++ b/kubernetes/sdc/resources/config/environments/AUTO.json
@@ -104,6 +104,10 @@
"username": "user1@sdc.com",
"password": "password=="
}
+ },
+ "jetty": {
+ "keystore_pwd": "${KEYSTORE_PASS}",
+ "truststore_pwd": "${TRUSTSTORE_PASS}"
}
}
}
diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml
index ba2ec86951..6187104ce6 100644
--- a/kubernetes/sdc/templates/secrets.yaml
+++ b/kubernetes/sdc/templates/secrets.yaml
@@ -35,4 +35,18 @@ data:
truststore_password: "{{ .Values.global.secrets.truststore_password }}"
keystore_password: "{{ .Values.global.secrets.keystore_password }}"
# workflow
- wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" \ No newline at end of file
+ wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sdc-cert
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index dfbd8c80df..5701a91f27 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -23,8 +23,8 @@ global:
#Should be the password of shared cassandra instance/chart
cs_password: Y2Fzc2FuZHJh
cs_truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq
- truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq
- keystore_password: IXBwSi5KdlduMGhHaClvVkZdKFtLdile
+ truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
+ keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
@@ -41,6 +41,7 @@ global:
dataCenter: Pod
security:
disableHttp: true
+ envsubstImage: dibi/envsubst
config:
logstashServiceName: log-ls
logstashPort: 5044