diff options
Diffstat (limited to 'kubernetes')
54 files changed, 501 insertions, 194 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject ed292323735ea0b366960474d15fcfa23b209d0 +Subproject ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 8b430ef2bd..0c7660eb1f 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -54,15 +54,20 @@ annotations: {{- end }} {{- if $msb_informations }} msb.onap.org/service-info: '[ +{{- range $index, $msb_information := $msb_informations }} +{{- if ne $index 0 }} + , +{{- end }} { - "serviceName": "{{ include "common.servicename" $dot }}", - "version": "{{ default "v1" $msb_informations.version }}", - "url": "{{ default "/" $msb_informations.url }}", - "protocol": "{{ default "REST" $msb_informations.protocol }}", - "port": "{{ $msb_informations.port }}", - "visualRange":"{{ default "1" $msb_informations.visualRange }}" + "serviceName": "{{ default (include "common.servicename" $dot) $msb_information.serviceName }}", + "version": "{{ default "v1" $msb_information.version }}", + "url": "{{ default "/" $msb_information.url }}", + "protocol": "{{ default "REST" $msb_information.protocol }}", + "port": "{{ $msb_information.port }}", + "visualRange":"{{ default "1" $msb_information.visualRange }}" } - ]' +{{- end }} + ]' {{- end}} {{- end }} name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 81533b9b4c..657b5f9448 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -23,9 +23,10 @@ SPATH="$( dirname "$( which "$0" )" )" usage() { cat << ==usage -$0 [cluster_domain] [helm_chart_args ...] +$0 [cluster_domain] [lb_ip] [helm_chart_args] ... [cluster_domain] Default value simpledemo.onap.org - [helm_chart_args...] Optional arguments passed to helm install command + [lb_ip] Default value LoadBalancer IP + [helm_chart_args] ... Optional arguments passed to helm install command $0 --help This message $0 --info Display howto configure target machine ==usage @@ -44,7 +45,31 @@ Extra DNS server already deployed: ==infodeploy } + +list_node_with_external_addrs() +{ + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + break + fi + done +} + +ingress_controller_ip() { + local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system) + if [ -z $metal_ns ]; then + echo $CLUSTER_IP + else + list_node_with_external_addrs + fi +} + deploy() { + local ingress_ip=$(ingress_controller_ip) pushd "$SPATH/bind9dns" > /dev/null if [ $# -eq 0 ]; then local cl_domain="simpledemo.onap.org" @@ -52,7 +77,11 @@ deploy() { local cl_domain=$1 shift fi - helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@ + if [ $# -ne 0 ]; then + ingress_ip=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@ popd > /dev/null target_machine_notice_info } @@ -60,7 +89,7 @@ deploy() { if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then usage elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then - target_machine_notice_info + target_machine_notice_info else deploy $@ fi diff --git a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml index 19f514f55d..d579333157 100644 --- a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml +++ b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml @@ -268,29 +268,6 @@ spec: timeoutSeconds: 10 --- -kind: Service -apiVersion: v1 -metadata: - name: ingress-nginx - namespace: ingress-nginx - labels: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx -spec: - externalTrafficPolicy: Local - type: LoadBalancer - selector: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - ports: - - name: http - port: 80 - targetPort: http - - name: https - port: 443 - targetPort: https - ---- apiVersion: v1 kind: Service diff --git a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_enable_optional_load_balacer_service.yaml b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_enable_optional_load_balacer_service.yaml index c051f83951..57c0034775 100644 --- a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_enable_optional_load_balacer_service.yaml +++ b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_enable_optional_load_balacer_service.yaml @@ -6,8 +6,6 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: nlb spec: externalTrafficPolicy: Local type: LoadBalancer diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh new file mode 100755 index 0000000000..6e412a3688 --- /dev/null +++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh @@ -0,0 +1,85 @@ +#!/bin/bash -e +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +usage() { +cat << ==usage +$0 Automatic configuration using external addresess from nodes +$0 --help This message +$0 -h This message +$0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges +==usage +} + + +find_nodes_with_external_addrs() +{ + local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}') + for worker in $WORKER_NODES; do + local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') + local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }') + if [ $internal_ip != $external_ip ]; then + echo $external_ip + fi + done +} + +generate_config_map() +{ +cat <<CNFEOF | kubectl apply -f - +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: metallb-system + name: config +data: + config: | + address-pools: + - name: default + protocol: layer2 + addresses: +$(for value in "$@"; do echo -e " - $value"; done) +CNFEOF +} + +generate_config_from_single_addr() { + generate_config_map "$1 - $1" +} + +install_metallb() { + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml + kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml + # Only when install + kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" +} + +automatic_configuration() { + install_metallb + generate_config_from_single_addr $(find_nodes_with_external_addrs) +} + +manual_configuration() { + install_metallb + generate_config_map $@ +} + +if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then + usage +elif [[ $# -eq 0 ]]; then + automatic_configuration +else + manual_configuration $@ +fi diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml index 17d0fc4254..5a2a595ca6 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml @@ -21,12 +21,13 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves external_port: 0 external_port_tls: {{ .Values.config.address.ves.portSecure }} auth_method: "certBasicAuth" -component_name: "dcae-ves-collector-tls" -dns_component_name: "dcae-ves-collector-tls" +component_name: "dcae-ves-collector" +dns_component_name: "dcae-ves-collector" enable_tls: true ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/" ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/" ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/" ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" -ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file +ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml index c113d643af..dda75dd874 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # Modifications (c) 2020 Nokia. All rights reserved. # ================================================================================ @@ -23,11 +23,11 @@ tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves external_port_tls: 0 external_port: {{ .Values.config.address.ves.port }} auth_method: "noAuth" -component_name: "dcae-ves-collector" -dns_component_name: "dcae-ves-collector" +component_name: "dcae-ves-collector-http" +dns_component_name: "dcae-ves-collector-http" ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/" ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/" ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/" ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" -ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file +ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index c2261d1ded..19b59722a2 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -109,7 +109,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.3 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index ba8648a5be..cbde9a157b 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -45,7 +45,7 @@ readiness: periodSeconds: 10 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml index d9e00ace0f..f2320a1387 100644 --- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml @@ -31,13 +31,13 @@ global: enabled: false config: - nifiJarsIndexURL: http://dcaemod-genprocessor/nifi-jars + nifiJarsIndexURL: http://dcaemod-genprocessor:8080/nifi-jars distributorAPIURL: /distributor curlImage: curlimages/curl:7.68.0 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.2 service: type: ClusterIP diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index 3d9c377885..16bb8a9ff3 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -32,25 +32,25 @@ global: config: nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api - onboardingAPIURL: http://dcaemod-onboarding-api/onboarding + onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1 service: type: ClusterIP name: dcaemod-distributor-api ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "distributor" name: dcaemod-distributor-api - port: 80 + port: 8080 config: ssl: "none" diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml index 6b15abe909..a4afe05c95 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml @@ -24,6 +24,21 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + initContainers: + # apps run as uid 1000, gid 1000 + # the volume is mounted with root permissions + # this initContainer changes ownership to uid 1000 gid 1000 + # (tried using a securityContext in the pod spec, but it didn't seem to work) + - name: set-permissions + image: busybox:latest + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + - -c + - chown -R 1000:1000 /genprocessor-data + volumeMounts: + - mountPath: /genprocessor-data + name: genprocessor-data containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 7096a16a1b..37bb861235 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -30,26 +30,26 @@ global: enabled: false config: - onboardingAPIURL: http://dcaemod-onboarding-api/onboarding + onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0 -httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0 +image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1 +httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1 service: type: ClusterIP name: dcaemod-genprocessor ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "nifi-jars" name: dcaemod-genprocessor - port: 80 + port: 8080 config: ssl: "none" diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 656fd69742..28e79a1593 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -47,13 +47,13 @@ service: name: dcaemod-onboarding-api ports: - name: http - port: 80 + port: 8080 ingress: enabled: true service: - baseaddr: "onboarding" name: dcaemod-onboarding-api - port: 80 + port: 8080 config: ssl: "none" @@ -93,7 +93,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.0 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index a56552e6c0..d5da039ad1 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -72,7 +72,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.2 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index da9e41eebf..78721169d4 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -72,11 +72,11 @@ service: name: message-router both_tls_and_plain: true msb: - port: api - url: "/" - version: "v1" - protocol: "REST" - visualRange: "1" + - port: 3904 + url: "/" + version: "v1" + protocol: "REST" + visualRange: "1" ports: - name: api port: 3905 diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index 353f2a7c70..af0d4730ac 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -60,7 +60,7 @@ mariadb-galera: flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.4 +image: onap/modeling/etsicatalog:1.0.5 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index 1c6a845925..a5c94bc5e1 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -26,7 +26,7 @@ while the OOM K8s version has these service split up. update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; --dmaap-bc => the dmaap-bc doesn't open a node port.. update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; ---sdc-be => 8443:30204, 8080:30205 +--sdc-be => 8443:30204 --sdc-fe => 8181:30206, 9443:30207 update fn_app set app_url = 'https://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'https://sdc-be:8443/api/v3' where app_name = 'SDC'; --pap => 8443:30219 diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c +Subproject 7f37c3cd610edd911a8b68e2118212d9ec8149d diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index 87fed417e6..84f6d0b51d 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml @@ -13,23 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: {{ include "common.name" . }}-readiness @@ -60,19 +51,41 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: path: /sdc2/rest/healthCheck - port: {{ .Values.service.internalPort }} - scheme: HTTPS + port: {{ .Values.liveness.port }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -84,8 +97,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME value: {{ .Values.global.env.name }} @@ -98,8 +110,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -128,6 +146,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -140,7 +161,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml index 4b5ec51976..a4b44a1a54 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml @@ -18,18 +18,16 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-config-backend namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: backoffLimit: 20 template: metadata: labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + app.kubernetes.io/name: {{ include "common.name" . }}-job + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} spec: restartPolicy: Never initContainers: diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/charts/sdc-be/templates/service.yaml index 39e1d77642..a0d0f5b438 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/service.yaml @@ -13,54 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc", - "version": "v1", - "url": "/sdc/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange":"1" - }, - { - "serviceName": "sdc-deprecated", - "version": "v1", - "url": "/sdc/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort2 }}", - "visualRange":"1", - "path":"/sdc/v1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index b6bc635071..a40b27d2aa 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.3 -backendInitImage: onap/sdc-backend-init:1.6.3 +image: onap/sdc-backend:1.6.4 +backendInitImage: onap/sdc-backend-init:1.6.4 pullPolicy: Always # flag to enable debugging - application support required @@ -53,6 +53,7 @@ liveness: timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container + port: api enabled: true readiness: @@ -63,22 +64,35 @@ readiness: service: type: NodePort name: sdc-be - portName: sdc-be - nodePort: "04" - internalPort: 8443 - externalPort: 8443 - nodePort2: "05" - internalPort2: 8080 - externalPort2: 8080 + both_tls_and_plain: true + msb: + - port: 8080 + url: "/sdc/v1" + version: "v1" + protocol: "REST" + visualRange: "1" + serviceName: sdc + - port: 8080 + url: "/sdc/v1" + version: "v1" + protocol: "REST" + visualRange: "1" + serviceName: sdc-deprecated + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: '04' ingress: enabled: false service: - baseaddr: "sdcbe" name: "sdc-be" - port: 8080 + port: 8443 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index ddc194654d..6c63927cf5 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.3 -cassandraInitImage: onap/sdc-cassandra-init:1.6.3 +image: onap/sdc-cassandra:1.6.4 +cassandraInitImage: onap/sdc-cassandra-init:1.6.4 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml index 6072148d07..de80c7a0de 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml @@ -59,7 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -91,8 +114,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -132,6 +161,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -144,7 +176,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index 051c076ea1..d1fe131f82 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -27,9 +27,9 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.3 +image: onap/dcae-be:1.3.4 pullPolicy: Always -backendInitImage: onap/dcae-tools:v1.3.3 +backendInitImage: onap/dcae-tools:1.3.4 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml index f3c44f0e54..77a835ccb7 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml @@ -59,6 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,8 +113,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -126,6 +156,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -138,7 +171,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index c3a2159d2e..ad46842393 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.3.3 +image: onap/dcae-dt:1.3.4 pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml index a70f485153..d5861fadfc 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml @@ -59,6 +59,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,8 +113,14 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -130,6 +160,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -142,7 +175,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index 28181d1c6a..b6572f5d3d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.3 +image: onap/dcae-fe:1.3.4 pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml index 8e19489f9a..7a11ef927e 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml @@ -46,6 +46,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -79,8 +103,14 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -112,6 +142,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -128,7 +161,9 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: {{ include "common.fullname" . }}-logs + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index 64ccaa81b1..f5d1956f18 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.3 +image: onap/sdc-frontend:1.6.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 75779a319c..3db3685b86 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -46,6 +46,30 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" + env: + - name: KEYSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: keystore_password + - name: TRUSTSTORE_PASS + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-sdc-cs-secrets + key: truststore_password + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -93,8 +117,14 @@ spec: - name: SDC_CERT_DIR value: {{ .Values.cert.certDir }} volumeMounts: - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -125,6 +155,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -137,6 +170,8 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 + - name: sdc-environments-output + emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-cert-storage diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index b15f784dee..946cb3491f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3 +image: onap/sdc-onboard-backend:1.6.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 7490b47cef..be2eeb6e96 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -115,5 +115,16 @@ spec: - name: SERVER_SSL_TRUST_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} + volumeMounts: + - name: sdc-cert + mountPath: /keystore + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /truststore + subPath: org.onap.sdc.trust.jks + volumes: + - name: sdc-cert + secret: + secretName: sdc-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 78fdb32dcc..8bab2c84ea 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.2 -configInitImage: onap/workflow-init:1.6.2 +image: onap/workflow-backend:1.6.4 +configInitImage: onap/workflow-init:1.6.4 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index f419d61291..180c427f1e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -90,6 +90,12 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true + - name: sdc-cert + mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-cert + mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -116,6 +122,9 @@ spec: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime + - name: sdc-cert + secret: + secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 6b0669b5b6..359c33ab61 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.2 +image: onap/workflow-frontend:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 Binary files differnew file mode 100644 index 0000000000..446856071b --- /dev/null +++ b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks Binary files differnew file mode 100644 index 0000000000..e6686cc08c --- /dev/null +++ b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 57d774e59b..2bd165b723 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -104,6 +104,10 @@ "username": "user1@sdc.com", "password": "password==" } + }, + "jetty": { + "keystore_pwd": "${KEYSTORE_PASS}", + "truststore_pwd": "${TRUSTSTORE_PASS}" } } } diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index ba2ec86951..6187104ce6 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -35,4 +35,18 @@ data: truststore_password: "{{ .Values.global.secrets.truststore_password }}" keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow - wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
\ No newline at end of file + wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" +--- +apiVersion: v1 +kind: Secret +metadata: + name: sdc-cert + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index dfbd8c80df..5701a91f27 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -23,8 +23,8 @@ global: #Should be the password of shared cassandra instance/chart cs_password: Y2Fzc2FuZHJh cs_truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq - truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq - keystore_password: IXBwSi5KdlduMGhHaClvVkZdKFtLdile + truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw + keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 @@ -41,6 +41,7 @@ global: dataCenter: Pod security: disableHttp: true + envsubstImage: dibi/envsubst config: logstashServiceName: log-ls logstashPort: 5044 diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index f1e35fe13a..1d2c5f17b1 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -54,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.5.3 +image: onap/so/bpmn-infra:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index a3d5e2f363..b616abcc06 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -54,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.5.3 +image: onap/so/catalog-db-adapter:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index f096d99637..910b694245 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -57,7 +57,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.5.3 +image: onap/so/so-monitoring:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 1ab46561d6..ea8dd0d45d 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -51,7 +51,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.5.3 +image: onap/so/openstack-adapter:1.6.0 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index 7215ddcee9..2f890421e6 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.5.3 +image: onap/so/request-db-adapter:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 1f978dec03..a38e256615 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.5.3 +image: onap/so/sdc-controller:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index 1d82321238..a4b2496662 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.5.3 +image: onap/so/sdnc-adapter:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index c907b4e1d0..aa4923a9bd 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.5.3 +image: onap/so/vfc-adapter:1.6.0 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 1e4ecbc33a..72efcb4b78 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -40,7 +40,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.5.3 +image: onap/so/vnfm-adapter:1.6.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 90c27da2ad..8a83427c4b 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -132,8 +132,7 @@ dbCreds: adminName: so_admin repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.5.3 - +image: onap/so/api-handler-infra:1.6.0 pullPolicy: Always replicaCount: 1 minReadySeconds: 10 |