diff options
Diffstat (limited to 'kubernetes')
16 files changed, 90 insertions, 49 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 5de526288e..310d9ae662 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -274,6 +274,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} env: + {{- range $cred := .Values.credentials }} + - name: {{ $cred.name }} + {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }} + {{- end }} {{- if $certDir }} - name: DCAE_CA_CERTPATH value: {{ $certDir }}/cacert.pem @@ -317,6 +321,8 @@ spec: volumeMounts: - mountPath: /app-config name: app-config + - mountPath: /app-config-input + name: app-config-input {{- if $logDir }} - mountPath: {{ $logDir}} name: component-log @@ -324,7 +330,7 @@ spec: {{- if $certDir }} - mountPath: {{ $certDir }} name: tls-info - {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}} {{- end -}} {{- end }} @@ -422,7 +428,7 @@ spec: {{- if $certDir }} - emptyDir: {} name: tls-info - {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "common.certManager.volumesReadOnly" . | nindent 6 }} {{- end }} {{- end }} @@ -443,7 +449,7 @@ spec: */}} {{- define "dcaegen2-services-common._certPostProcessor" -}} {{- $certDir := default "" .Values.certDirectory . -}} - {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{- $cmpv2Certificate := (index .Values.certificates 0) -}} {{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}} {{- $certType := "pem" -}} @@ -480,3 +486,16 @@ spec: value: {{ $keystoreDestinationPaths | quote }} {{- end }} {{- end -}} + +{{/* + Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements) + when they shouldn't. Example use: + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} + +*/}} +{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}} + {{- $certDir := default "" .Values.certDirectory . -}} + {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}} + true + {{- end -}} +{{- end -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml index 0db2138a4f..12a05885ca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index bb65f37f73..223789a75f 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -65,8 +65,13 @@ secrets: passwordPolicy: required # CMPv2 certificate -# It is used only when global parameter cmpv2Enabled is true +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - global CertManagerIntegration flag is set to true +# - flag useCmpv2Certificates is set to true # Disabled by default +useCmpv2Certificates: false certificates: - mountPath: /etc/ves-hv/ssl/external commonName: dcae-hv-ves-collector diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml index 0db2138a4f..12a05885ca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index a675db6797..9e08ea1a69 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -58,8 +58,13 @@ certDirectory: /opt/app/dcae-certificate tlsServer: true # CMPv2 certificate -# It is used only when global parameter cmpv2Enabled is true +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - global CertManagerIntegration flag is set to true +# - flag useCmpv2Certificates is set to true # Disabled by default +useCmpv2Certificates: false certificates: - mountPath: /opt/app/dcae-certificate/external commonName: dcae-ves-collector diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 28e9c1369c..346534ce57 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -119,8 +119,7 @@ spec: livenessProbe: httpGet: path: /sdc2/rest/healthCheck - port: {{ .Values.liveness.port }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -128,9 +127,9 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /sdc2/rest/healthCheck + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -138,9 +137,9 @@ spec: failureThreshold: {{ .Values.readiness.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} startupProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /sdc2/rest/healthCheck + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} @@ -160,12 +159,12 @@ spec: fieldPath: status.podIP volumeMounts: - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ + mountPath: /app/jetty/chef-solo/environments/ - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime @@ -178,7 +177,7 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index b9db3f93c8..aaf8fada28 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -64,7 +64,7 @@ spec: - name: {{ include "common.fullname" . }}-environments mountPath: /home/onap/chef-solo/environments/ - name: sdc-logs - mountPath: /var/lib/jetty/logs + mountPath: /home/onap/logs env: - name: ENVNAME value: {{ .Values.env.name }} diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index fc3b53fc50..3e5c58b0bc 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.8.5 -backendInitImage: onap/sdc-backend-init:1.8.5 +image: onap/sdc-backend-all-plugins:1.9.0 +backendInitImage: onap/sdc-backend-init:1.9.0 pullPolicy: Always @@ -90,7 +90,6 @@ liveness: failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - port: api enabled: true readiness: @@ -111,6 +110,7 @@ service: type: NodePort name: sdc-be both_tls_and_plain: true + internalPort: 8080 msb: - port: 8443 url: "/sdc/v1" diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 3422f9d14d..2308f95fb2 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.8.5 -cassandraInitImage: onap/sdc-cassandra-init:1.8.5 +image: onap/sdc-cassandra:1.9.0 +cassandraInitImage: onap/sdc-cassandra-init:1.9.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 0a5c0a3445..407d61c904 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -148,12 +148,12 @@ spec: value: {{ .Values.config.javaOptions }} volumeMounts: - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ + mountPath: /app/jetty/chef-solo/environments/ - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime @@ -161,7 +161,7 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-configs - mountPath: /var/lib/jetty/config/catalog-fe/plugins-configuration.yaml + mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml subPath: plugins-configuration.yaml - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml @@ -169,7 +169,7 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index dde22b5b55..82afc4d3db 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.8.5 +image: onap/sdc-frontend:1.9.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 7251006d38..257f8b79a5 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -122,9 +122,9 @@ spec: - containerPort: {{ .Values.service.internalPort2 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /onboarding-api/v1.0/healthcheck + port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -132,18 +132,18 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /onboarding-api/v1.0/healthcheck + port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /onboarding-api/v1.0/healthcheck + port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} @@ -173,12 +173,12 @@ spec: value: {{ .Values.cert.certDir }} volumeMounts: - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ + mountPath: /app/jetty/chef-solo/environments/ - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 + mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks + mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime @@ -193,7 +193,7 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f26a0208b9..f09958e811 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.8.5 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.5 +image: onap/sdc-onboard-backend:1.9.0 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0 pullPolicy: Always # flag to enable debugging - application support required @@ -141,7 +141,7 @@ persistence: ##Certificate storage persistence ##This is temporary solution for SDC-1980 cert: - certDir: /var/lib/jetty/cert + certDir: /app/jetty/cert persistence: enabled: true size: 10Mi diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 2f2cb6c373..1f9b2d1600 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml @@ -37,4 +37,4 @@ dependencies: - name: sdc-helm-validator version: ~8.x-0 repository: 'file://components/sdc-helm-validator' - condition: sdc-helm-validator.enabled + condition: sdcHelmValidator.enabled diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 79428f73c6..d01f8557f3 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -46,6 +46,14 @@ "VnfRepo": { "vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}", "vnfRepoHost": "refrepo.{{include "common.namespace" .}}" + }, + "HelmValidator": { + "validator_enabled": "{{.Values.sdcHelmValidator.enabled}}", + "helm_version": "{{.Values.sdcHelmValidator.helmVersion}}", + "deployable": "{{.Values.sdcHelmValidator.deployable}}", + "lintable": "{{.Values.sdcHelmValidator.lintable}}", + "strict_lintable": "{{.Values.sdcHelmValidator.strictLintable}}", + "validator_url": "{{.Values.sdcHelmValidator.url}}" } }, "override_attributes": { diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index b7476a584e..cd3dc1e5fd 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -63,5 +63,10 @@ cassandra: # dependency / sub-chart configuration sdc-wfd: enabled: true -sdc-helm-validator: +sdcHelmValidator: enabled: true + helmVersion: 3.5.2 + deployable: true + lintable: false + strictLintable: false + url: http://sdc-helm-validator:8080/validate |