diff options
Diffstat (limited to 'kubernetes/so/charts')
13 files changed, 400 insertions, 3 deletions
diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml new file mode 100644 index 0000000000..c4fb9a49d5 --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP SO ETSI NFVO NS LCM +name: so-etsi-nfvo-ns-lcm +version: 6.0.0 diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..13d72d891b --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -0,0 +1,47 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +aai: + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + version: v19 + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +spring: + security: + usercredentials: + - username: ${ETSI_NFVO_USERNAME} + password: ${ETSI_NFVO_PASSWORD} + role: ETSI-NFVO-Client +server: + port: {{ .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + key: {{ .Values.mso.key }} +so: + adapters: + sol003-adapter: + url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 + auth: {{ .Values.so.sol003.adapter.auth }} +etsi-catalog-manager: + base: + {{- if .Values.global.msbEnabled }} + endpoint: https://msb-iag:443/api + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} + {{- else }} + endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api + {{- end }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml new file mode 100644 index 0000000000..3b2e50cd0c --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml new file mode 100644 index 0000000000..0d16ded26d --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -0,0 +1,92 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: TRUSTSTORE + value: {{ .Values.global.client.certs.truststore }} + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + {{- if eq .Values.global.security.aaf.enabled true }} + - name: KEYSTORE + value: {{ .Values.global.client.certs.keystore }} + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} + - name: ETSI_NFVO_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} + - name: ETSI_NFVO_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readonly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{ include "common.containerPorts" . | nindent 12 }} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml new file mode 100644 index 0000000000..443e76b76e --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml new file mode 100644 index 0000000000..493cfe5f88 --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml new file mode 100644 index 0000000000..a1290de24b --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml new file mode 100644 index 0000000000..20f5de8a60 --- /dev/null +++ b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml @@ -0,0 +1,105 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + - uid: etsi-nfvo-nslcm-creds + name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' + login: '{{ .Values.etsi.nfvo.nslcm.username }}' + password: '{{ .Values.etsi.nfvo.nslcm.password }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-etsi-nfvo-ns-lcm:1.7.1 +pullPolicy: Always + +etsi: + nfvo: + nslcm: + username: so-etsi-nfvo-ns-lcm +replicaCount: 1 +minReadySeconds: 10 +containerPort: 9095 +logPath: ./logs/so-etsi-nfvo-ns-lcm/ +app: so-etsi-nfvo-ns-lcm +service: + type: ClusterIP + name: so-etsi-nfvo-ns-lcm + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + ports: + - name: nfvo-nslcm-port + port: 9095 +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + port: 9095 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false + service: + - baseaddr: "soetsinfvonslcm" + name: "so-etsi-nfvo-ns-lcm" + port: 9095 + config: + ssl: "redirect" +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh new file mode 100755 index 0000000000..3ed03aa0b9 --- /dev/null +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# ============LICENSE_START======================================================= +# Copyright (C) 2020 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1 + +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD` + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${NFVO_DB_USER}'; +CREATE USER '${NFVO_DB_USER}'; +GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION; +FLUSH PRIVILEGES; +EOF + +echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1 diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh index c4048002cf..a8f772b947 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh @@ -30,6 +30,7 @@ GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}'; GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%'; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh index e9d7c6fefa..adb28fe8e6 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh @@ -30,6 +30,7 @@ GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}'; GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml index ec589ea33e..f1081ad549 100644 --- a/kubernetes/so/charts/so-mariadb/templates/job.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml @@ -51,7 +51,7 @@ spec: command: - /bin/bash - -c - - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql + - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql volumeMounts: - mountPath: /etc/localtime name: localtime @@ -156,6 +156,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }} - name: CATALOG_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }} + - name: NFVO_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }} + - name: NFVO_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml index 5e7b2fef76..37f5f6535b 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/charts/so-mariadb/values.yaml @@ -71,8 +71,11 @@ secrets: externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}' login: '{{ .Values.db.catalog.userName }}' password: '{{ .Values.db.catalog.password }}' - - + - uid: nfvo-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.nfvo.userName }}' + password: '{{ .Values.db.nfvo.password }}' ################################################################# # Application configuration defaults. @@ -108,6 +111,9 @@ db: userName: cataloguser password: catalog123 # dbCredsExternalSecret: some secret + nfvo: + userName: nfvouser + # dbCredsExternalSecret: some secret # application configuration config: |