Diffstat (limited to 'kubernetes/sdnc')
9 files changed, 220 insertions, 36 deletions
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config b/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config index eb88d7236b..7dc5c19e12 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config @@ -13,33 +13,33 @@ # limitations under the License. # Host definition -ip: 0.0.0.0 -port: {{.Values.service.internalPort}} +ip: 0.0.0.0 +port: {{.Values.service.internalPort}} # Security (controls use of TLS encrypton and RestServer authentication) -tls: no -auth: no +tls: no +auth: no # TLS certificates (must be built on application host) -priv: provide_privated_key.pem -pub: provide_public_key.pem +priv: provide_privated_key.pem +pub: provide_public_key.pem # RestServer authentication -id: sdnc -psswd: sdnc +id: ${REST_USER} +psswd: ${REST_PASSWORD} # Mysql -host: {{.Values.config.mariadbGalera.serviceName}} -user: sdnc -passwd: sdnc -db: ansible +host: {{ include "common.mariadbService" $ }} +user: ${DB_USER} +passwd: ${DB_PASSWORD} +db: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} # Playbooks -from_files: yes -ansible_path: /opt/onap/sdnc/Playbooks -ansible_inv: Ansible_inventory -ansible_temp: PlaybooksTemp -timeout_seconds: 60 +from_files: yes +ansible_path: /opt/onap/sdnc/Playbooks +ansible_inv: Ansible_inventory +ansible_temp: PlaybooksTemp +timeout_seconds: 60 # Blocking on GetResults -getresults_block: yes +getresults_block: yes diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml index 2233099224..d353adaf58 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml 
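Review bot: In RestServer_config, `tls: no` and `auth: no` are carried over unchanged next to `ip: 0.0.0.0`. Going by the file's own comment that these flags control TLS and RestServer authentication, the `id`/`psswd` values now taken from `${REST_USER}`/`${REST_PASSWORD}` are not checked on incoming requests, and the listener is bound to every interface without transport encryption. If that is intentional for this chart, say so above the two flags, e.g. `# auth/tls disabled: endpoint must only be reachable from inside the cluster`. Otherwise set `auth: yes` so the new Secret actually takes effect.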
@@ -32,6 +32,29 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: REST_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }} + - name: REST_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name @@ -89,9 +112,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml 
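Review bot: The `envsubst` call in the new `update-config` init container has no SHELL-FORMAT argument, so every `$NAME`/`${NAME}` in every file under /config-input is rewritten and an unset variable silently becomes an empty string. The loop also iterates over `ls` output without `set -e`, so only the last file's exit status decides whether the container succeeds. Limiting substitution to the four injected names and failing fast would be safer: `- "set -e; cd /config-input; for PFILE in *; do envsubst '${DB_USER} ${DB_PASSWORD} ${REST_USER} ${REST_PASSWORD}' <\"${PFILE}\" >\"/config/${PFILE}\"; done"` (assuming the image ships GNU gettext's envsubst). The ueb-listener deployment.yaml hunk repeats the same command with its six variables and needs the same change.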
@@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index db7c63cfa4..b0b3c81c8f 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml 
@@ -21,6 +21,35 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: required + - uid: rest-creds + type: basicAuth + externalSecret: '{{ .Values.config.restCredsExternalSecret }}' + login: '{{ .Values.config.restUser }}' + password: '{{ .Values.config.restPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. 
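Review bot: `envsubstImage: dibi/envsubst` has no tag or digest, unlike `readinessImage: readiness-check:2.0.2` and `loggingImage: beats/filebeat:5.5.0` in the same block. The init container that runs it receives the DB and REST credentials as environment variables, so whatever is published under that name at pull time gets those secrets. Pin it, e.g. `envsubstImage: dibi/envsubst@sha256:<digest>` (placeholder), or mirror it into the project registry. The ueb-listener values.yaml hunk adds the same unpinned value. Separately, the `# envsusbt` comment is misspelled and the two `#This flag allows SO ...` lines look copied from another chart.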
@@ -37,9 +66,25 @@ debugEnabled: false config: sdncChartName: sdnc configDir: /opt/onap/sdnc - mariadbGalera: - serviceName: mariadb-galera + restUser: sdnc + restPassword: sdnc + # restCredsExternalSecret: some secret +mariadb-galera: + config: + userCredentialsExternalSecret: *dbSecretName + userName: sdnc + userPassword: sdnc + mysqlDatabase: ansible + nameOverride: ansible-server-galera + service: + name: ansible-server-galera + portName: ansible-server-galera + internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ansible-server/maria/data # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties b/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties index fdc2218532..b4e69d36f5 100644 --- a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties +++ b/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties @@ -2,8 +2,8 @@ # ============LICENSE_START======================================================= # openECOMP : SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2020 Samsung Electrinics # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
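Review bot: In the values.yaml hunk at the start of this line, `restPassword: sdnc` and `userPassword: sdnc` keep the old hard-coded credentials as chart defaults. An install that overrides nothing therefore still creates Secrets with publicly known passwords. The ueb-listener values.yaml hunk does the same with `userPassword: gamma` and the long literal reused for both `uebPassword` and `odlPassword`. The secrets declare `passwordPolicy: required`, which (if the common chart treats it as "fail when empty", not visible here) only helps when no default is present. Consider leaving the password keys unset, e.g. `# restPassword: <set at install time>`, and documenting `restCredsExternalSecret` as the preferred path.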
@@ -23,11 +23,11 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties b/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties index 86e51317f2..946773b18b 100644 --- a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties +++ b/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties 
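Review bot: `${SDNC_DB_USER}` and `${SDNC_DB_PASSWORD}` are filled in by envsubst as raw text, with no escaping for the target format. This file is presumably loaded as a Java properties file, where a backslash starts an escape sequence, so a secret containing `\` would reach the JDBC layer altered and fail authentication in a way that is hard to diagnose. Add a comment above the two keys such as `# substituted verbatim by envsubst; a backslash in the value must be doubled`, or document the character restriction next to the Secret definition. The same applies to the `${UEB_USER}`, `${UEB_PASSWORD}`, `${ODL_USER}` and `${ODL_PASSWORD}` keys in the ueb-listener.properties hunk.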
@@ -2,10 +2,10 @@ org.onap.ccsdk.sli.northbound.uebclient.asdc-address=sdc-be.{{.Release.Namespace org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO -org.onap.ccsdk.sli.northbound.uebclient.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -org.onap.ccsdk.sli.northbound.uebclient.user=sdnc -org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=admin -org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd={{.Values.config.odlPassword}} +org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD} +org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER} +org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=${ODL_USER} +org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd=${ODL_PASSWORD} org.onap.ccsdk.sli.northbound.uebclient.asdc-api-base-url=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations/ org.onap.ccsdk.sli.northbound.uebclient.asdc-api-namespace=org:onap:ccsdk org.onap.ccsdk.sli.northbound.uebclient.spool.incoming=/opt/onap/sdnc/ueb-listener/spool/incoming diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml index 154d36c411..da72e1e558 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml 
@@ -32,10 +32,36 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: UEB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }} + - name: UEB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }} + - name: ODL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} - --container-name - {{ .Values.config.sdncChartName }} - --container-name @@ -87,9 +113,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 
--- /dev/null +++ b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index b4b42fdbc5..03fbf52f9b 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml 
@@ -21,6 +21,41 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: required + - uid: odl-creds + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + passwordPolicy: required + - uid: ueb-creds + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.uebUser }}' + password: '{{ .Values.config.uebPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. 
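Review bot: The `ueb-creds` entry reads `externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'`, the same key used by `odl-creds` directly above it. Supplying an external ODL secret would therefore also replace the UEB credentials with it, and the `uebCredsExternalSecret` key that the config hunk advertises in a comment is never consulted. The line should be `externalSecret: '{{ .Values.config.uebCredsExternalSecret }}'`.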
@@ -40,11 +75,30 @@ config: sdcbeChartName: sdc-be msgRouterContainerName: message-router configDir: /opt/onap/sdnc/data/properties + uebUser: sdnc + uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # uebCredsExternalSecret: some secret + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera + # odlCredsExternalSecret: some secret + +mariadb-galera: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: + userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret' + userName: sdnctl + userPassword: gamma + mysqlDatabase: sdnctl + nameOverride: ueb-listener-galera + service: + name: ueb-listener-galera + portName: ueb-listener-galera internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ueb-listener/maria/data # default number of instances replicaCount: 1 |
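Review bot: The comment under `mariadb-galera:` describes a `&mariadbConfig` anchor and a `*mariadbConfig` alias, but neither appears in this file's hunks, so it misleads the next reader. Replace it with something accurate, e.g. `# userCredentialsExternalSecret must equal the db-secret name defined under secrets`. That coupling looks load-bearing: the `db-secret` entry appears to choose between its own and an external secret via `hasSuffix "sdnc-ueb-listener-db-secret"`, and here the name is written out in three places. The ansible-server chart ties them together with `&dbSecretName`/`*dbSecretName`, and doing the same here would remove the chance of the strings drifting apart.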