diff options
Diffstat (limited to 'kubernetes/sdnc/components/network-name-gen')
6 files changed, 364 insertions, 0 deletions
diff --git a/kubernetes/sdnc/components/network-name-gen/Chart.yaml b/kubernetes/sdnc/components/network-name-gen/Chart.yaml new file mode 100644 index 0000000000..e998a64ecc --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/Chart.yaml @@ -0,0 +1,34 @@ +# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Name Generation Micro Service
+name: network-name-gen
+version: 13.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: mariadb-init
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdnc/components/network-name-gen/resources/config/aai_keystore b/kubernetes/sdnc/components/network-name-gen/resources/config/aai_keystore Binary files differnew file mode 100644 index 0000000000..83cae95273 --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/resources/config/aai_keystore diff --git a/kubernetes/sdnc/components/network-name-gen/templates/deployment.yaml b/kubernetes/sdnc/components/network-name-gen/templates/deployment.yaml new file mode 100644 index 0000000000..fbb8044630 --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/templates/deployment.yaml @@ -0,0 +1,120 @@ +{{/* +# Copyright (C) 2018 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: +{{- if .Values.global.mariadbGalera.localCluster }} + - --app-name + - {{ index .Values "mariadb-galera" "nameOverride" }} +{{- else }} + - --job-name + - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job +{{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" + containers: + - name: {{ include "common.name" . }} + command: + - bash + args: + - '-c' + - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh' + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: SPRING_PROFILE + value: "{{ .Values.config.springProfile }}" + - name: NENG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} + - name: NENG_DB_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} + - name: NENG_DB_URL + value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-init" "config" "mysqlDatabase" }} + - name: POL_CLIENT_AUTH + value: "{{ .Values.config.polClientAuth }}" + - name: POL_BASIC_AUTH_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}} + - name: POL_BASIC_AUTH_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}} + - name: POL_URL + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.polUrl.https }}" + {{- else }} + value: "{{ .Values.config.polUrl.http }}" + {{- end }} + - name: POL_ENV + value: "{{ .Values.config.polEnv }}" + - name: POL_REQ_ID + value: "{{ .Values.config.polReqId }}" + - name: AAI_CERT_PASS + value: "{{ .Values.config.aaiCertPass }}" + - name: AAI_CERT_PATH + value: "{{ .Values.config.aaiCertPath }}" + - name: AAI_URI + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.aaiUri.https }}" + {{- else }} + value: "{{ .Values.config.aaiUri.http }}" + {{- end }} + - name: AAI_AUTH + value: "{{ .Values.config.aaiAuth }}" + - name: DISABLE_HOST_VERIFICATION + value: "{{ .Values.config.disableHostVerification }}" + volumeMounts: + - name: certs + mountPath: /opt/etc/config/aai_keystore + subPath: aai_keystore + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: certs + secret: + secretName: {{ include "common.release" . }}-aai-keystore + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdnc/components/network-name-gen/templates/secrets.yaml b/kubernetes/sdnc/components/network-name-gen/templates/secrets.yaml new file mode 100644 index 0000000000..61b83d7a9b --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/templates/secrets.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright (c) 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} +--- +apiVersion: v1 +data: +{{ tpl (.Files.Glob "resources/config/aai_keystore").AsSecrets . | indent 2 }} +metadata: + name: {{ include "common.release" . }}-aai-keystore + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +kind: Secret +type: Opaque diff --git a/kubernetes/sdnc/components/network-name-gen/templates/service.yaml b/kubernetes/sdnc/components/network-name-gen/templates/service.yaml new file mode 100644 index 0000000000..aac71f7eb3 --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/templates/service.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright (C) 2018 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app.kubernetes.io/name: {{ include "common.name" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} + diff --git a/kubernetes/sdnc/components/network-name-gen/values.yaml b/kubernetes/sdnc/components/network-name-gen/values.yaml new file mode 100644 index 0000000000..9d6a0aef5c --- /dev/null +++ b/kubernetes/sdnc/components/network-name-gen/values.yaml @@ -0,0 +1,136 @@ +# Copyright (C) 2018 AT&T Intellectual Property. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Global configuration default values that can be inherited by +# all subcharts. +################################################################# +global: + + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image pull policy + pullPolicy: IfNotPresent + + mariadbGalera: &mariadbGalera + # flag to enable the DB creation via mariadb-operator + useOperator: true + localCluster: false + service: &dbService mariadb-galera + internalPort: &dbPort 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: neng-db-secret + name: &dbUserSecretName '{{ include "common.release" . }}-neng-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.externalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + - uid: pol-basic-auth-secret + name: '{{ include "common.release" . }}-pol-basic-auth-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}' + login: '{{ .Values.config.polBasicAuthUser }}' + password: '{{ .Values.config.polBasicAuthPassword }}' + +mariadb-init: + config: + userCredentialsExternalSecret: *dbUserSecretName + mysqlDatabase: nengdb + nameOverride: nengdb-init + mariadb-galera: + nameOverride: *dbService + service: + internalPort: *dbPort + serviceAccount: + nameOverride: nengdb-init + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/ccsdk-apps-ms-neng:1.4.0 +pullPolicy: IfNotPresent + +# application configuration +config: + db: + userName: nenguser + # userPassword: password + # userCredentialsExternalSecret: some-secret + springProfile: live + polClientAuth: cHl0aG9uOnRlc3Q= + polBasicAuthUser: healthcheck + polBasicAuthPassword: zb!XztG34 + polUrl: + https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision + http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision + polEnv: TEST + polReqId: xx + disableHostVerification: true + aaiCertPass: changeit + aaiCertPath: /opt/etc/config/aai_keystore + aaiAuth: QUFJOkFBSQ== + aaiUri: + https: https://aai:8443/aai/v14/ + http: http://aai:80/aai/v14/ + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + name: neng-serv + portName: http + internalPort: 8080 + externalPort: 8080 + +ingress: + enabled: false + +resources: {} + +podAnnotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" + +#Pods Service Account +serviceAccount: + nameOverride: network-name-gen + roles: + - read |