summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml75
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/pv.yaml26
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/service.yaml37
-rw-r--r--kubernetes/aaf/charts/aaf-cass/values.yaml64
-rw-r--r--kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-cm/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-cm/values.yaml52
-rw-r--r--kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-fs/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-fs/values.yaml50
-rw-r--r--kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-gui/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-gui/values.yaml54
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml46
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml44
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml106
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/secret.yaml15
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/service.yaml21
-rw-r--r--kubernetes/aaf/charts/aaf-hello/values.yaml83
-rw-r--r--kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml2
-rw-r--r--kubernetes/aaf/charts/aaf-locate/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-locate/values.yaml51
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml2
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/values.yaml54
-rw-r--r--kubernetes/aaf/charts/aaf-service/templates/deployment.yaml136
-rw-r--r--kubernetes/aaf/charts/aaf-service/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-service/values.yaml54
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml11
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml26
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml30
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml11
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml39
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml24
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml37
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml24
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml28
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/values.yaml20
-rw-r--r--kubernetes/aaf/templates/_deployment.tpl67
-rw-r--r--kubernetes/aaf/templates/_initContainers.tpl122
-rw-r--r--kubernetes/aaf/templates/pv-config.yaml40
-rw-r--r--kubernetes/aaf/templates/pv-status.yaml40
-rw-r--r--kubernetes/aaf/templates/pvc-config.yaml43
-rw-r--r--kubernetes/aaf/templates/pvc-status.yaml43
-rw-r--r--kubernetes/aaf/values.yaml68
m---------kubernetes/aai0
-rw-r--r--kubernetes/appc/charts/appc-cdt/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-command-executor/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/Chart.yaml18
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/requirements.yaml18
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/deployment.yaml90
-rw-r--r--kubernetes/cds/charts/cds-py-executor/templates/secret.yaml15
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/service.yaml15
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/values.yaml120
-rw-r--r--kubernetes/cds/charts/cds-sdc-listener/values.yaml2
-rw-r--r--kubernetes/cds/charts/cds-ui/values.yaml8
-rw-r--r--kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml16
-rw-r--r--kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml16
-rw-r--r--kubernetes/clamp/charts/clamp-backend/values.yaml21
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml15
-rw-r--r--kubernetes/clamp/charts/clamp-dash-kibana/values.yaml6
-rwxr-xr-xkubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh28
-rw-r--r--kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql11
-rw-r--r--kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql (renamed from kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql)0
-rw-r--r--kubernetes/clamp/charts/mariadb/templates/configmap.yaml15
-rw-r--r--kubernetes/clamp/charts/mariadb/templates/deployment.yaml21
-rw-r--r--kubernetes/clamp/charts/mariadb/templates/secrets.yaml14
-rw-r--r--kubernetes/clamp/charts/mariadb/values.yaml19
-rw-r--r--kubernetes/clamp/templates/secrets.yaml16
-rw-r--r--kubernetes/clamp/values.yaml29
-rw-r--r--kubernetes/cli/values.yaml2
-rw-r--r--kubernetes/common/certInitializer/Chart.yaml18
-rw-r--r--[-rwxr-xr-x]kubernetes/common/certInitializer/requirements.yaml (renamed from kubernetes/common/music/charts/music-tomcat/requirements.yaml)5
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml152
-rw-r--r--kubernetes/common/certInitializer/templates/configmap.yaml (renamed from kubernetes/nbi/templates/configmap-aaf-add-config.yaml)13
-rw-r--r--kubernetes/common/certInitializer/templates/secret.yaml17
-rw-r--r--kubernetes/common/certInitializer/values.yaml42
-rw-r--r--kubernetes/common/common/templates/_aafconfig.tpl14
-rw-r--r--kubernetes/common/common/templates/_secret.tpl1
-rw-r--r--kubernetes/common/dgbuilder/templates/ingress.yaml15
-rwxr-xr-xkubernetes/common/music/charts/music-tomcat/resources/config/music.properties32
-rwxr-xr-xkubernetes/common/music/charts/music-tomcat/templates/deployment.yaml115
-rwxr-xr-xkubernetes/common/music/charts/music-tomcat/templates/service.yaml42
-rwxr-xr-xkubernetes/common/music/charts/music-tomcat/values.yaml114
-rw-r--r--[-rwxr-xr-x]kubernetes/common/music/charts/music/Chart.yaml (renamed from kubernetes/common/music/charts/music-tomcat/Chart.yaml)4
-rwxr-xr-xkubernetes/common/music/charts/music/resources/config/logback.xml302
-rwxr-xr-xkubernetes/common/music/charts/music/resources/config/music-sb.properties13
-rwxr-xr-xkubernetes/common/music/charts/music/resources/config/music.properties24
-rwxr-xr-xkubernetes/common/music/charts/music/resources/config/startup.sh67
-rw-r--r--kubernetes/common/music/charts/music/resources/keys/org.onap.music.jksbin0 -> 3635 bytes
-rw-r--r--kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jksbin0 -> 117990 bytes
-rw-r--r--[-rwxr-xr-x]kubernetes/common/music/charts/music/templates/configmap.yaml (renamed from kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml)8
-rw-r--r--kubernetes/common/music/charts/music/templates/deployment.yaml119
-rw-r--r--kubernetes/common/music/charts/music/templates/secrets.yaml15
-rw-r--r--kubernetes/common/music/charts/music/templates/service.yaml15
-rw-r--r--kubernetes/common/music/charts/music/values.yaml178
-rw-r--r--kubernetes/common/music/charts/zookeeper/.helmignore21
-rw-r--r--kubernetes/common/music/charts/zookeeper/Chart.yaml15
-rw-r--r--kubernetes/common/music/charts/zookeeper/OWNERS6
-rw-r--r--kubernetes/common/music/charts/zookeeper/README.md140
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/NOTES.txt7
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml19
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml62
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml17
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/pv.yaml45
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml21
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/service.yaml23
-rw-r--r--kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml182
-rw-r--r--kubernetes/common/music/charts/zookeeper/values.yaml282
-rw-r--r--kubernetes/common/music/values.yaml2
-rw-r--r--kubernetes/common/network-name-gen/values.yaml2
-rwxr-xr-xkubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml2
-rwxr-xr-xkubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml280
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml24
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml7
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml16
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml13
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json4
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml25
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml16
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml25
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml1
-rw-r--r--kubernetes/dmaap/components/message-router/values.yaml2
-rw-r--r--kubernetes/msb/charts/kube2msb/values.yaml4
-rw-r--r--kubernetes/msb/charts/msb-eag/values.yaml2
-rw-r--r--kubernetes/msb/charts/msb-iag/values.yaml2
-rw-r--r--kubernetes/msb/resources/config/certificates/ca.crt22
-rw-r--r--kubernetes/msb/resources/config/certificates/cert.crt22
-rw-r--r--kubernetes/multicloud/charts/multicloud-k8s/values.yaml2
-rw-r--r--kubernetes/nbi/requirements.yaml3
-rw-r--r--kubernetes/nbi/templates/deployment.yaml12
-rw-r--r--kubernetes/nbi/templates/ingress.yaml15
-rw-r--r--kubernetes/nbi/values.yaml20
-rwxr-xr-xkubernetes/onap/values.yaml2
-rw-r--r--kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml15
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml10
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml2
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml2
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml2
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml2
-rwxr-xr-xkubernetes/oof/charts/oof-has/resources/config/conductor.conf11
-rwxr-xr-xkubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml2
-rwxr-xr-xkubernetes/oof/charts/oof-has/templates/job-onboard.yaml7
-rwxr-xr-xkubernetes/oof/charts/oof-has/values.yaml6
-rw-r--r--kubernetes/oof/values.yaml2
-rw-r--r--kubernetes/policy/charts/drools/values.yaml2
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties2
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml11
-rw-r--r--kubernetes/portal/charts/portal-app/values.yaml2
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql2
-rw-r--r--kubernetes/portal/charts/portal-sdk/values.yaml2
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdc/charts/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/values.yaml5
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml15
-rw-r--r--kubernetes/sdnc/charts/sdnc-portal/values.yaml8
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/templates/configmap.yaml13
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml69
-rw-r--r--kubernetes/sdnc/values.yaml19
-rw-r--r--kubernetes/uui/charts/uui-server/values.yaml2
-rw-r--r--kubernetes/uui/values.yaml2
-rw-r--r--kubernetes/vid/values.yaml4
-rw-r--r--kubernetes/vnfsdk/resources/config/configuration.xml35
-rw-r--r--kubernetes/vnfsdk/templates/configmap.yaml2
-rw-r--r--kubernetes/vnfsdk/templates/deployment.yaml33
-rw-r--r--kubernetes/vnfsdk/templates/job.yaml6
-rw-r--r--kubernetes/vnfsdk/templates/secrets.yaml16
-rw-r--r--kubernetes/vnfsdk/values.yaml25
187 files changed, 2646 insertions, 3463 deletions
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml
index eb785e2d9b..309a9f38c6 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,23 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.global.aaf.cass.replicas }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: fix-permission
@@ -37,47 +29,38 @@ spec:
args:
- -c
- |
- chmod -R 775 /opt/app/aaf/status
chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /var/lib/cassandra
chown -R 1000:1000 /var/lib/cassandra
image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 100Mi
containers:
- name: {{ include "common.name" . }}
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well
command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"]
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-cass"]
- ports:
- - name: storage
- containerPort: {{.Values.global.aaf.cass.storage_port}}
- - name: ssl-storage
- containerPort: {{.Values.global.aaf.cass.ssl_storage_port}}
- - name: native-trans
- containerPort: {{.Values.global.aaf.cass.native_trans_port}}
- - name: rpc
- containerPort: {{.Values.global.aaf.cass.rpc_port}}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
env:
- name: CASSANDRA_CLUSTER_NAME
- value: {{.Values.global.aaf.cass.cluster_name}}
+ value: {{ .Values.config.cluster_name }}
- name: CASSANDRA_DC
- value: {{.Values.global.aaf.cass.dc}}
+ value: {{ .Values.config.dc }}
- name: CQLSH
value: "/opt/cassandra/bin/cqlsh"
- name: HEAP_NEWSIZE
- value: {{.Values.global.aaf.cass.heap_new_size}}
+ value: {{ .Values.config.heap_new_size }}
- name: MAX_HEAP_SIZE
- value: {{.Values.global.aaf.cass.max_heap_size}}
+ value: {{ .Values.config.max_heap_size }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
@@ -93,44 +76,36 @@ spec:
volumeMounts:
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{.Values.global.aaf.cass.native_trans_port}}
+ port: tcp-cql
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{.Values.global.aaf.cass.native_trans_port}}
+ port: tcp-cql
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- name: aaf-cass-vol
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-data
+ claimName: {{ include "common.fullname" . }}
{{- else }}
emptyDir: {}
{{- end }}
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml
index 0f0a30585b..187e9b75de 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,27 +15,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-data"
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" . }}
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml
index 3cc43560e4..e56c98751c 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,26 +15,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" .}}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" . }}
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml
index d5c615f55d..8f80ee12a2 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,38 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-# annotations:
-# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: storage
- protocol: TCP
- port: {{.Values.global.aaf.cass.storage_port}}
- containerPort: {{.Values.global.aaf.cass.storage_port}}
- - name: ssl-storage
- protocol: TCP
- port: {{.Values.global.aaf.cass.ssl_storage_port}}
- containerPort: {{.Values.global.aaf.cass.ssl_storage_port}}
- - name: native-trans
- protocol: TCP
- port: {{.Values.global.aaf.cass.native_trans_port}}
- containerPort: {{.Values.global.aaf.cass.native_trans_port}}
- - name: rpc
- protocol: TCP
- port: {{.Values.global.aaf.cass.rpc_port}}
- containerPort: {{.Values.global.aaf.cass.rpc_port}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- clusterIP: None
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/charts/aaf-cass/values.yaml
index 9f6ec565f4..3d9f21e297 100644
--- a/kubernetes/aaf/charts/aaf-cass/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ flavor: small
# Application configuration defaults.
#################################################################
# application configuration
-config: {}
+replicaCount: 1
nodeSelector: {}
@@ -32,6 +32,15 @@ liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: tcp-cql
+
+image: onap/aaf/aaf_cass:2.1.20
+
+config:
+ cluster_name: osaaf
+ heap_new_size: 512M
+ max_heap_size: 1024M
+ dc: dc1
readiness:
initialDelaySeconds: 5
@@ -40,39 +49,36 @@ readiness:
service:
name: aaf-cass
type: ClusterIP
- portName: aaf-cass
- #targetPort
- internalPort: 7000
- #port
- externalPort: 7000
-
- internalPort2: 7001
- externalPort2: 7001
- internalPort3: 9042
- externalPort3: 9042
- internalPort4: 9160
- externalPort4: 9160
+ ports:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 2100m
- memory: 1792Mi
- requests:
- cpu: 30m
- memory: 1280Mi
- large:
- limits:
- cpu: 4
- memory: 12000Mi
- requests:
- cpu: 40m
- memory: 9000Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 2100m
+ memory: 1792Mi
+ requests:
+ cpu: 30m
+ memory: 1280Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 12000Mi
+ requests:
+ cpu: 40m
+ memory: 9000Mi
+ unlimited: {}
persistence:
enabled: true
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
index b823acd3d5..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.cm.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.cm.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.cm.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
index 28462f2edf..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.cm.internal_port }}
- nodePort: {{ .Values.global.aaf.cm.public_port }}
- name: aaf-cm
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml
index befbdc191d..c391369db6 100644
--- a/kubernetes/aaf/charts/aaf-cm/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/values.yaml
@@ -19,6 +19,13 @@ flavor: small
# Application configuration defaults.
#################################################################
# application image
+replicaCount: 1
+
+binary: cm
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
@@ -26,24 +33,25 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-cm
type: ClusterIP
- portName: aaf-cm
- #targetPort
- internalPort: 8150
- #port
- externalPort: 8150
+ ports:
+ - name: api
+ protocol: http
+ port: 8150
ingress:
enabled: false
@@ -52,22 +60,22 @@ ingress:
name: "aaf-cm"
port: 8150
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 400m
- memory: 300Mi
- requests:
- cpu: 1m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 600Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 400m
+ memory: 300Mi
+ requests:
+ cpu: 1m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 600Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
index 2e8e41e637..c36750809c 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.fs.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
index b81635f74d..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.fs.internal_port }}
- nodePort: {{ .Values.global.aaf.fs.public_port }}
- name: aaf-hello
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml
index 4b12bd0deb..6ddc07278b 100644
--- a/kubernetes/aaf/charts/aaf-fs/values.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,6 +21,13 @@ flavor: small
# application image
pullPolicy: Always
+replicaCount: 1
+
+binary: fs
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
@@ -33,19 +40,20 @@ liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-fs
type: ClusterIP
- portName: aaf-fs
- #targetPort
- internalPort: 8096
- #port
- externalPort: 8096
+ ports:
+ - name: api
+ port: 8096
+ protocol: http
ingress:
enabled: false
@@ -58,18 +66,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 110Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 500m
- memory: 700Mi
- requests:
- cpu: 100m
- memory: 400Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 110Mi
+ requests:
+ cpu: 1m
+ memory: 80Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 700Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
index cbf68aad37..c36750809c 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.gui.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.gui.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.gui.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
index 7dc4468598..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.gui.internal_port }}
- nodePort: {{ .Values.global.aaf.gui.public_port }}
- name: aaf-gui
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml
index bc013d07f7..f418fd5b41 100644
--- a/kubernetes/aaf/charts/aaf-gui/values.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/values.yaml
@@ -20,6 +20,13 @@ flavor: small
# application image
pullPolicy: Always
+replicaCount: 1
+
+binary: gui
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
@@ -27,25 +34,26 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: gui
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: gui
service:
name: aaf-gui
type: NodePort
- portName: aaf-gui
- #targetPort
- internalPort: 8200
- #port
- externalPort: 8200
- nodePort: 51
+ ports:
+ - name: gui
+ protocol: http
+ port: 8200
+ nodePort: 51
ingress:
enabled: false
@@ -54,22 +62,22 @@ ingress:
name: "aaf-gui"
port: 8200
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 280Mi
- requests:
- cpu: 1m
- memory: 170Mi
- large:
- limits:
- cpu: 200m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 280Mi
+ requests:
+ cpu: 1m
+ memory: 170Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml
deleted file mode 100644
index d2b4f0c76f..0000000000
--- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- if ne 0 (int .Values.global.aaf.hello.replicas) }}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-#########
-## ============LICENSE_START====================================================
-## org.onap.aaf
-## ===========================================================================
-## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-## ===========================================================================
-## Licensed under the Apache License, Version 2.0 (the "License");
-## you may not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ============LICENSE_END====================================================
-##
-
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-hello-pv
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ .Chart.Name }}-hello
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-data"
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml
deleted file mode 100644
index fc148f63d6..0000000000
--- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if ne 0 (int .Values.global.aaf.hello.replicas) }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-#########
-## ============LICENSE_START====================================================
-## org.onap.aaf
-## ===========================================================================
-## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-## ===========================================================================
-## Licensed under the Apache License, Version 2.0 (the "License");
-## you may not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ============LICENSE_END====================================================
-##
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-hello-pvc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.config.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
index 1e120bd0ad..891b829f43 100644
--- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,112 +12,49 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.global.aaf.hello.replicas }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-hello-vol
- {{- if and .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-hello-pvc
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: fix-permission
- command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"]
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"]
-# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"]
-# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
-# This should the APP's FQDN to be put in Locator
-# This MUST match what is entered for AAF Certificate Artifacts
- - name: aaf_locator_fqdn
- value: "{{.Values.aaf_init.fqdn}}"
-# Hello specific. Clients don't don't need this, unless Registering with AAF Locator
-# This should be the APP's PUBLIC FQDN, if applicable
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aaf_init.locator_public_fqdn}}"
- - name: LATITUDE
- value: "{{ .Values.aaf_init.cadi_latitude }}"
- - name: LONGITUDE
- value: "{{ .Values.aaf_init.cadi_longitude }}"
-# Note: We want to put this in Secrets or at LEAST ConfigMaps
- - name: "DEPLOY_FQI"
- value: "deployer@people.osaaf.org"
-# Note: want to put this on Nodes, evenutally
- - name: "DEPLOY_PASSWORD"
- value: "demo123456!"
+ initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }}
# CONTAINER Definition
containers:
- name: {{ include "common.name" . }}
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
- image: {{ .Values.global.repository }}/{{.Values.service.image }}
+ image: {{ .Values.global.repository }}/{{.Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.port }}
+ port: {{ .Values.liveness.port }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.port }}
+ port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml
new file mode 100644
index 0000000000..f8c32e0670
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml
index 5ba4f68be9..8f80ee12a2 100644
--- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.port }}
- nodePort: {{ .Values.service.public_port }}
- name: aaf-hello
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml
index 0400dcc1fd..aeb659082d 100644
--- a/kubernetes/aaf/charts/aaf-hello/values.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/values.yaml
@@ -12,6 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ aafEnabled: true
flavor: small
@@ -22,47 +24,58 @@ flavor: small
aaf_init:
# You might want this in your own app. For AAF, we store in global
# replicas: 1
- image: onap/aaf/aaf_agent:2.1.20
- fqi: "aaf@aaf.osaaf.org"
+ fqi: aaf@aaf.osaaf.org
# This MUST match what is put in AAF's "Artifact" for Certificates
- fqdn: "aaf-hello"
+ fqdn: aaf-hello
# What is put in Locator for External Access
- locator_public_fqdn: "aaf.osaaf.org"
- app_ns: "org.osaaf.aaf"
- deploy_fqi: "deployer@people.osaaf.org"
+ public_fqdn: aaf.osaaf.org
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
+ permission_user: 1000
+ permission_group: 999
-service:
- image: onap/aaf/aaf_hello:2.1.20
- port: "8130"
- public_port: "31119"
+replicaCount: 0
-persistence:
- enabled: false
- #existingClaim:
- # You will want "Reatan" in non-Hello Example.
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 40M
- mountPath: /dockerdata-nfs
- mountSubPath: aaf/hello
+image: onap/aaf/aaf_hello:2.1.20
+
+service:
+ name: aaf-hello
+ type: ClusterIP
+ ports:
+ - name: api
+ protocol: http
+ port: 8130
nodeSelector: {}
affinity: {}
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aaf_init.aafDeployFqi }}'
+ password: '{{ .Values.aaf_init.aafDeployPass }}'
+ passwordPolicy: required
+
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
ingress:
enabled: false
@@ -75,18 +88,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 20m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 20m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
index cc7f19176f..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.locate.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.locate.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.locate.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml
index 40b4bba0ce..1b33c1f8d1 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml
@@ -1,4 +1,2 @@
{{ include "common.ingress" . }}
-
-
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
index 8aead90d29..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.locate.internal_port }}
- nodePort: {{ .Values.global.aaf.locate.public_port }}
- name: aaf-locate
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml
index 2083f1af3d..47b2f205e5 100644
--- a/kubernetes/aaf/charts/aaf-locate/values.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/values.yaml
@@ -18,6 +18,12 @@ flavor: small
# Application configuration defaults.
#################################################################
# application image
+replicaCount: 1
+
+binary: locate
+
+sequence_order:
+ - service
nodeSelector: {}
@@ -25,24 +31,25 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-locate
type: ClusterIP
- portName: aaf-locate
- #targetPort
- internalPort: 8095
- #port
- externalPort: 31111
+ ports:
+ - name: api
+ protocol: http
+ port: 8095
ingress:
enabled: false
@@ -51,22 +58,22 @@ ingress:
name: "aaf-locate"
port: 8095
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 100m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 100m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
index 6ce3abd241..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.oauth.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.oauth.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.oauth.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml
new file mode 100644
index 0000000000..1b33c1f8d1
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml
@@ -0,0 +1,2 @@
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml
index 52c2d10568..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.oauth.internal_port }}
- nodePort: {{ .Values.global.aaf.oauth.public_port }}
- name: aaf-oauth
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml
index deadf2976f..7604b86393 100644
--- a/kubernetes/aaf/charts/aaf-oauth/values.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml
@@ -19,30 +19,40 @@ flavor: small
# Application configuration defaults.
#################################################################
# application image
+
+replicaCount: 1
+
+binary: oauth
+
+sequence_order:
+ - service
+ - locate
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-oauth
type: ClusterIP
- portName: aaf-oauth
- #targetPort
- internalPort: 8140
- #port
- externalPort: 8140
+ ports:
+ - name: api
+ protocol: http
+ port: 8140
ingress:
enabled: false
@@ -51,22 +61,22 @@ ingress:
name: "aaf-oauth"
port: 8140
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 40m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 600Mi
- requests:
- cpu: 40m
- memory: 200Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 40m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 600Mi
+ requests:
+ cpu: 40m
+ memory: 200Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
index 555f4ac815..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,135 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.service.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"]
- image: {{.Values.global.repository}}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: cm_always_ignore_ips
- value: "true"
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-service* && echo $HOSTNAME >> aaf-service.hosts"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.service.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.service.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-service/templates/service.yaml
index e02c685549..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-service/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.service.internal_port }}
- nodePort: {{ .Values.global.aaf.service.public_port }}
- name: aaf-service
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml
index 5f3c1878dd..c2d96032cc 100644
--- a/kubernetes/aaf/charts/aaf-service/values.yaml
+++ b/kubernetes/aaf/charts/aaf-service/values.yaml
@@ -20,30 +20,38 @@ flavor: small
#################################################################
# application image
+replicaCount: 1
+
+binary: service
+
+sequence_order:
+ - cass
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-service
- type: NodePort
- portName: aaf-service
- #targetPort
- internalPort: 8100
- #port
- externalPort: 31110
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8100
+ protocol: http
ingress:
enabled: false
@@ -52,22 +60,22 @@ ingress:
name: "aaf-service"
port: 8100
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 250m
- memory: 360Mi
- requests:
- cpu: 10m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 300Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 250m
+ memory: 360Mi
+ requests:
+ cpu: 10m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 300Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
index 5ade9a81d6..8d1faf7e32 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
@@ -18,15 +18,8 @@
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
index c816b16914..23fe79d716 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
@@ -18,21 +18,11 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 2
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
containers:
@@ -58,19 +48,17 @@ spec:
- name: {{ include "common.fullname" . }}-tpmconfig
mountPath: "/abrmd/cred/"
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ resources: {{ toYaml .Values.resources | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.global.tpm.enabled }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
index 0beda0fefc..c624ccfc4d 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
@@ -16,24 +16,15 @@
{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
@@ -50,6 +41,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
@@ -66,8 +64,7 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
@@ -76,8 +73,7 @@ spec:
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
index dc5176127a..99176fcdf6 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
@@ -18,15 +18,8 @@
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
index 3d248eef51..fb48c7df4a 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
@@ -18,22 +18,12 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
@@ -52,6 +42,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{ else }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -69,6 +66,13 @@ spec:
readOnly: true
- name: {{ include "common.fullname" . }}-data
mountPath: /distcenter/data
+ resources:
+ limits:
+ cpu: 1
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -82,15 +86,12 @@ spec:
readOnly: true
- name: {{ include "common.fullname" . }}-data
mountPath: /distcenter/data
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
@@ -98,7 +99,7 @@ spec:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ claimName: {{ include "common.release" . }}-aaf-sshsm
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
index 00005a58b1..bf0ef74be2 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
@@ -15,28 +15,5 @@
*/}}
{{- if .Values.global.distcenter.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" . }}
{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
index ede08205b5..a13b7f353b 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
@@ -15,27 +15,5 @@
*/}}
{{- if .Values.global.distcenter.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" . }}
{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
index a67760c368..a64f483d74 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
@@ -18,22 +18,11 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
- serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
@@ -51,6 +40,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.tpm.enabled }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -66,6 +62,13 @@ spec:
volumeMounts:
- name: {{ include "common.fullname" . }}-dbus
mountPath: /var/run/dbus
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -98,8 +101,7 @@ spec:
- name: {{ include "common.fullname" . }}-secrets
mountPath: /testca/secrets
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
@@ -108,8 +110,7 @@ spec:
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
@@ -117,7 +118,7 @@ spec:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ claimName: {{ include "common.release" . }}-aaf-sshsm
- name: {{ include "common.fullname" . }}-dbus
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
index 3b50792473..b566b11458 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
@@ -14,27 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-data
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dataMountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
index e76baa2d36..b3e7f9fabd 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
@@ -14,27 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-dbus
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-dbus
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-dbus"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dbusMountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
index 2a5fc98bfa..b8971cc03c 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
@@ -14,26 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
index cf223670b5..7297d6f81d 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
@@ -14,30 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-dbus
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-dbus"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
+{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml
index 55d38a094c..5600213e11 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/values.yaml
@@ -32,12 +32,20 @@ global:
persistence:
enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- dataMountSubPath: sshsm/data
- dbusMountSubPath: sshsm/dbus
+ data:
+ enabled: true
+ size: 10Mi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: sshsm/data
+ dbus:
+ enabled: true
+ size: 10Mi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: sshsm/dbus
+
+
# Configure resource requests and limits
resources:
diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/templates/_deployment.tpl
new file mode 100644
index 0000000000..bf6931a8e3
--- /dev/null
+++ b/kubernetes/aaf/templates/_deployment.tpl
@@ -0,0 +1,67 @@
+{*/
+# Copyright © 2020 AT&T, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}
+
+{{- define "aaf.deployment" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec: {{ include "aaf.initContainers" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ workingDir: /opt/app/aaf
+ command: ["bin/{{ .Values.binary }}"]
+ image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: aaf-config-vol
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{.Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aaf-config-vol
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/templates/_initContainers.tpl
new file mode 100644
index 0000000000..43c511fd6d
--- /dev/null
+++ b/kubernetes/aaf/templates/_initContainers.tpl
@@ -0,0 +1,122 @@
+{*/
+# Copyright © 2020 AT&T, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}
+
+{{- define "aaf.permissionFixer" -}}
+- name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chown -R 1000:1000 /opt/app/aaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end -}}
+
+{{- define "aaf.podConfiguration" }}
+- name: {{ include "common.name" . }}-config-container
+ image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - |
+ cd /opt/app/aaf_config
+ bin/agent.sh
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: aaf-config-vol
+ env:
+ - name: aaf_env
+ value: "{{ .Values.global.aaf.aaf_env }}"
+ - name: cadi_latitude
+ value: "{{ .Values.global.aaf.cadi_latitude }}"
+ - name: cadi_longitude
+ value: "{{ .Values.global.aaf.cadi_longitude }}"
+ - name: cadi_x509_issuers
+ value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_release
+ value: "{{ .Values.global.aaf.aaf_release }}"
+ - name: aaf_locator_container_ns
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.global.aaf.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.global.aaf.aaf_locator_name}}"
+ - name: aaf_locator_name_oom
+ value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
+ - name: cm_always_ignore_ips
+ value: "true"
+ - name: CASSANDRA_CLUSTER
+ value: "aaf-cass.{{ .Release.Namespace }}"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end -}}
+
+{{- define "aaf.initContainers" -}}
+initContainers:
+{{ include "aaf.permissionFixer" . }}
+{{- if .Values.sequence_order }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ command:
+ - /root/ready.py
+ args:
+ {{- range $container := .Values.sequence_order }}
+ - --container-name
+ - aaf-{{ $container}}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end }}
+{{ include "aaf.podConfiguration" . }}
+{{- end }}
diff --git a/kubernetes/aaf/templates/pv-config.yaml b/kubernetes/aaf/templates/pv-config.yaml
deleted file mode 100644
index 5ed3e62aeb..0000000000
--- a/kubernetes/aaf/templates/pv-config.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}-config
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.config.size}}
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.config.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.config.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-config"
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/templates/pv-status.yaml b/kubernetes/aaf/templates/pv-status.yaml
deleted file mode 100644
index d8f5980b9b..0000000000
--- a/kubernetes/aaf/templates/pv-status.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-status
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}-status
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.status.size}}
- accessModes:
- - {{ .Values.persistence.status.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.status.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.status.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.status.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-status"
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/templates/pvc-config.yaml b/kubernetes/aaf/templates/pvc-config.yaml
deleted file mode 100644
index dc71dceff1..0000000000
--- a/kubernetes/aaf/templates/pvc-config.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.config.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-config"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
diff --git a/kubernetes/aaf/templates/pvc-status.yaml b/kubernetes/aaf/templates/pvc-status.yaml
deleted file mode 100644
index 3cda088fba..0000000000
--- a/kubernetes/aaf/templates/pvc-status.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-status
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.status.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.status.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-status"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index 5a1c5f2709..bedf243639 100644
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -29,7 +29,7 @@ global:
loggingImage: beats/filebeat:5.5.0
# BusyBox image
busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
+ busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
@@ -58,50 +58,19 @@ global:
config:
image: onap/aaf/aaf_config:2.1.20
- cass:
- replicas: 1
- image: onap/aaf/aaf_cass:2.1.20
- fqdn: "aaf-cass"
- cluster_name: "osaaf"
- heap_new_size: "512M"
- max_heap_size: "1024M"
- storage_port: 7000
- ssl_storage_port: 7001
- native_trans_port: 9042
- rpc_port: 9160
- dc: "dc1"
+
service:
- replicas: 1
fqdn: "aaf-service"
internal_port: 8100
public_port: 31110
locate:
- replicas: 1
fqdn: "aaf-locate"
internal_port: 8095
public_port: 31111
oauth:
- replicas: 1
- fqdn: "aaf0oauth"
+ fqdn: "aaf-oauth"
internal_port: 8140
public_port: 31112
- gui:
- replicas: 1
- fqdn: "aaf-gui"
- internal_port: 8200
- public_port: 31113
- cm:
- replicas: 1
- fqdn: "aaf-cm"
- internal_port: 8150
- public_port: 31114
- fs:
- replicas: 1
- fqdn: "aaf-fs"
- internal_port: 8096
- public_port: 31115
- hello:
- replicas: 0
# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
@@ -138,35 +107,6 @@ ingress:
config:
ssl: "none"
-## Persist data to a persitent volume
-persistence:
- enabled: true
- config:
- #existingClaim:
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "config"
- logs:
- #existingClaim:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteMany
- size: 2Gi
- mountPath: "/mnt/data/aaf/logs"
- status:
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 2M
- mountPath: /dockerdata-nfs
- mountSubPath: "status"
- cass:
- #existingClaim:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "cass"
-
+persistence: {}
resources: {}
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject 2d6141ab8bd7bfe58f5da0483e578032226e7eb
+Subproject d687fd0c9efe31e93287da11e3e390984a5fb6c
diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml
index 118d19c1b3..bd99bcac15 100644
--- a/kubernetes/appc/charts/appc-cdt/values.yaml
+++ b/kubernetes/appc/charts/appc-cdt/values.yaml
@@ -65,7 +65,7 @@ ingress:
name: "appc-cdt"
port: 18080
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index 6cd3c2b554..f120f12072 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.1
+image: onap/ccsdk-blueprintsprocessor:0.7.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml
index 3f9fb87e13..2bc84bd299 100755
--- a/kubernetes/cds/charts/cds-command-executor/values.yaml
+++ b/kubernetes/cds/charts/cds-command-executor/values.yaml
@@ -40,7 +40,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.1
+image: onap/ccsdk-commandexecutor:0.7.2
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/charts/cds-py-executor/Chart.yaml
new file mode 100755
index 0000000000..41b43c34a3
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS Py Executor
+name: cds-py-executor
+version: 6.0.0 \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/charts/cds-py-executor/requirements.yaml
new file mode 100755
index 0000000000..676fe8f6b2
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
new file mode 100755
index 0000000000..f9c3377dd8
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
@@ -0,0 +1,90 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: APP_PORT
+ value: {{ .Values.config.appPort }}
+ - name: AUTH_TYPE
+ value: {{ .Values.config.authType }}
+ - name: API_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ - name: LOG_FILE
+ value: {{ .Values.config.logFile }}
+ - name: ARTIFACT_MANAGER_PORT
+ value: {{ .Values.config.artifactManagerPort }}
+ - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
+ value: {{ .Values.config.artifactManagerLogFile }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ # Py executor shares the blueprintsprocessor storage (for now) to
+ # share uploaded CBA files. In the future it will be deprecated
+ # when all parts of the CDS will make use of Artifact Manager
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
new file mode 100644
index 0000000000..c36607b172
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }} \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
new file mode 100755
index 0000000000..1267791b6c
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml
new file mode 100755
index 0000000000..206ae10a75
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/values.yaml
@@ -0,0 +1,120 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific lan`guage governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image repositories
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-py-executor:0.7.2
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ port: 50052
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ port: 50052
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 50052
+ name: executor-grpc
+ - port: 50053
+ name: manager-grpc
+
+secrets:
+ - uid: api-credentials
+ externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
+ type: basicAuth
+ login: '{{ .Values.config.apiUsername }}'
+ password: '{{ .Values.config.apiPassword }}'
+ passwordPolicy: required
+
+config:
+ # the api credentials below are used to authenticate communication with blueprint
+ # processor API. Py executor in this context is a client of the blueprint processor
+ apiUsername: ccsdkapps
+ apiPassword: ccsdkapps
+ env:
+ appPort: 50052
+ authType: tls-auth
+ logFile: /dev/stdout
+ artifactManagerPort: 50053
+ artifactManagerLogFile: /dev/stdout
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
index b9c329a124..c784a82ba1 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
@@ -37,7 +37,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.1
+image: onap/ccsdk-sdclistener:0.7.2
name: sdc-listener
pullPolicy: Always
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml
index 5810f39672..d084307bbb 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/charts/cds-ui/values.yaml
@@ -28,7 +28,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.1
+image: onap/ccsdk-cds-ui-server:0.7.2
pullPolicy: Always
# application configuration
@@ -88,9 +88,9 @@ ingress:
service:
- baseaddr: "cdsui"
name: "cds-ui"
- port: 8080
- config:
- ssl: "none"
+ port: 3000
+ config:
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
index fa00ffed1a..5e473bc12e 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
@@ -78,11 +78,17 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
env:
- - name: SPRING_APPLICATION_JSON
- valueFrom:
- configMapKeyRef:
- name: {{ template "common.fullname" . }}
- key: spring_application_json
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
+ - name: SPRING_APPLICATION_JSON
+ valueFrom:
+ configMapKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: spring_application_json
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
new file mode 100644
index 0000000000..57f88ce32d
--- /dev/null
+++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
@@ -0,0 +1,16 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
index ca444aa175..f354ad14a7 100644
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/values.yaml
@@ -23,11 +23,19 @@ global: # global defaults
readinessImage: readiness-check:2.0.0
persistence: {}
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.4
+image: onap/clamp-backend:5.0.6
pullPolicy: Always
# flag to enable debugging - application support required
@@ -40,6 +48,9 @@ log:
#################################################################
# Application configuration defaults.
#################################################################
+
+db: {}
+
config:
log:
logstashServiceName: log-ls
@@ -47,8 +58,10 @@ config:
mysqlPassword: strong_pitchou
dataRootDir: /dockerdata-nfs
springApplicationJson: >
- {
- "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+ {
+ "spring.datasource.username": "${MYSQL_USER}",
+ "spring.datasource.password": "${MYSQL_PASSWORD}",
+ "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
"spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
"clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
"clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
@@ -63,7 +76,7 @@ config:
"clamp.config.policy.pap.userName": "healthcheck",
"clamp.config.policy.pap.password": "zb!XztG34",
"clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
- }
+ }
# default number of instances
replicaCount: 1
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml
new file mode 100644
index 0000000000..0cd8cfbd36
--- /dev/null
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
index 8e640a4b3a..96a30f9e5f 100644
--- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml
@@ -87,6 +87,12 @@ service:
nodePort: 90
ingress:
enabled: false
+ service:
+ - baseaddr: "cdash-kibana"
+ name: "cdash-kibana"
+ port: 5601
+ config:
+ ssl: "redirect"
#resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh
deleted file mode 100755
index 2e2ad2e1af..0000000000
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql
-## New model creation
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql
deleted file mode 100644
index ea4d97c1b5..0000000000
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Create CLDS database objects (tables, etc.)
-#
-#
-CREATE DATABASE `cldsdb4`;
-USE `cldsdb4`;
-DROP USER 'clds';
-CREATE USER 'clds';
-GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION;
-FLUSH PRIVILEGES;
-
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
index 1f153bce04..1f153bce04 100644
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
+++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
index 705c38fa19..522c5f9bf8 100644
--- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
@@ -17,19 +17,6 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: clamp-entrypoint-initdb-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
name: clamp-entrypoint-bulkload-configmap
namespace: {{ include "common.namespace" . }}
labels:
@@ -38,7 +25,7 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
index be46f89433..7d22930b6a 100644
--- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
@@ -52,19 +52,19 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
volumeMounts:
- - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
- name: docker-entrypoint-initdb
- subPath: bootstrap-database.sh
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/bulkload/
+ - mountPath: /docker-entrypoint-initdb.d/
name: docker-entrypoint-bulkload
- mountPath: /etc/mysql/conf.d/conf1/
name: clamp-mariadb-conf
@@ -88,9 +88,6 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
- - name: docker-entrypoint-initdb
- configMap:
- name: clamp-entrypoint-initdb-configmap
- name: docker-entrypoint-bulkload
configMap:
name: clamp-entrypoint-bulkload-configmap
diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
index 8f3a21752d..57f88ce32d 100644
--- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
@@ -13,16 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml
index 8bf6100563..df651dd9ea 100644
--- a/kubernetes/clamp/charts/mariadb/values.yaml
+++ b/kubernetes/clamp/charts/mariadb/values.yaml
@@ -20,18 +20,27 @@ global: # global defaults
nodePortPrefix: 302
persistence: {}
-
# application image
repository: nexus3.onap.org:10001
image: mariadb:10.3.12
pullPolicy: Always
flavor: small
-
#################################################################
-# Application configuration defaults.
+# Secrets metaconfig
#################################################################
-config:
- mysqlPassword: strong_pitchou
+secrets:
+ - uid: db-root-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+# Application configuration
+db: {}
# default number of instances
replicaCount: 1
diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml
new file mode 100644
index 0000000000..57f88ce32d
--- /dev/null
+++ b/kubernetes/clamp/templates/secrets.yaml
@@ -0,0 +1,16 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 0e6ad57c2e..9446ca8eb3 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -24,6 +24,33 @@ global: # global defaults
loggingImage: beats/filebeat:5.5.0
centralizedLoggingEnabled: false
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
+ type: password
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
+ type: basicAuth
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+db:
+ user: clds
+# password: sidnnd83K
+ databaseName: &dbName cldsdb4
+# rootPass: emrys user: testos
+
+clamp-backend:
+ db:
+ userCredsExternalSecret: *dbUserPass
+ databaseName: *dbName
+mariadb:
+ db:
+ rootCredsExternalSecret: *dbRootPass
+ userCredsExternalSecret: *dbUserPass
+ databaseName: *dbName
+
subChartsOnly:
enabled: true
@@ -31,7 +58,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.3
+image: onap/clamp-frontend:5.0.6
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index 90922791bc..e5484dff5b 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -71,7 +71,7 @@ ingress:
name: cli
port: 9090
config:
- ssl: "none"
+ ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml
new file mode 100644
index 0000000000..3b20045b1f
--- /dev/null
+++ b/kubernetes/common/certInitializer/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to obtain certificates in onap
+name: certInitializer
+version: 6.0.0
diff --git a/kubernetes/common/music/charts/music-tomcat/requirements.yaml b/kubernetes/common/certInitializer/requirements.yaml
index 7aed47bc52..237f1d1354 100755..100644
--- a/kubernetes/common/music/charts/music-tomcat/requirements.yaml
+++ b/kubernetes/common/certInitializer/requirements.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../common'
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
new file mode 100644
index 0000000000..e4a878b420
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -0,0 +1,152 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+
+{{- define "common.certInitializer._aafConfigVolumeName" -}}
+ {{ include "common.fullname" . }}-aaf-config
+{{- end -}}
+
+{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
+ {{ print "aaf-add-config" }}
+{{- end -}}
+
+{{/*
+ common templates to enable cert initialization for applictaions
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | nindent XX }}
+
+ containers:
+ volumeMounts:
+ {{- include "common.certInitializer.volumeMount" . | nindent XX }}
+ volumes:
+ {{- include "common.certInitializer.volume" . | nindent XX}}
+*/}}
+{{- define "common.certInitializer._initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $initName := default "certInitializer" -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.name" $dot }}-aaf-readiness
+ image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" $dot }}-aaf-config
+ image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- if $initRoot.aaf_add_config }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+{{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+{{- if $initRoot.aaf_add_config }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+{{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ $initRoot.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ $dot.Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ $initRoot.fqdn }}"
+ - name: aaf_locator_app_ns
+ value: "{{ $initRoot.app_ns }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, eventually
+ - name: cadi_longitude
+ value: "{{ default "52.3" $initRoot.cadi_longitude }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" $initRoot.cadi_latitude }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ $initRoot.public_fqdn | default "" }}"
+{{- end -}}
+
+{{- define "common.certInitializer._volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+- mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- end -}}
+
+{{- define "common.certInitializer._volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ emptyDir:
+ medium: Memory
+{{- if $initRoot.aaf_add_config }}
+- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-add-config
+ defaultMode: 0700
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.initContainer" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{ include "common.certInitializer._initContainer" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumeMount" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumeMount" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumes" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumes" . }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index fe099b140d..640dafd67e 100644
--- a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -1,6 +1,5 @@
-{{ if .Values.global.aafEnabled }}
{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,14 +14,12 @@
# limitations under the License.
*/}}
-{{- if .Values.aafConfig.addconfig -}}
+{{ if .Values.aaf_add_config }}
apiVersion: v1
kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
+{{- $suffix := "add-config" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
- aaf-add-config.sh: |-
- /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
+ aaf-add-config.sh: |
+ {{ tpl .Values.aaf_add_config . | indent 4 }}
{{- end -}}
diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
new file mode 100644
index 0000000000..b55ba5e2f3
--- /dev/null
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -0,0 +1,42 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ aafEnabled: true
+
+pullPolicy: Always
+
+secrets:
+ - uid: deployer-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafDeployFqi }}'
+ password: '{{ .Values.aafDeployPass }}'
+ passwordPolicy: required
+
+aafDeployFqi: "changeme"
+fqdn: ""
+app_ns: "org.osaaf.aaf"
+fqi: ""
+fqi_namespace: ""
+public_fqdn: "aaf.osaaf.org"
+aafDeployFqi: "deployer@people.osaaf.org"
+aafDeployPass: demo123456!
+cadi_latitude: "38.0"
+cadi_longitude: "-72.0"
+aaf_add_config: ""
+mountPath: "/opt/app/osaaf"
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl
index 0c78cc11b9..e90f8aea5d 100644
--- a/kubernetes/common/common/templates/_aafconfig.tpl
+++ b/kubernetes/common/common/templates/_aafconfig.tpl
@@ -76,6 +76,13 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
- name: {{ include "common.name" $dot }}-aaf-config
image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
@@ -121,6 +128,13 @@
#Hello specific. Clients don't don't need this, unless Registering with AAF Locator
- name: aaf_locator_public_fqdn
value: "{{ $aafRoot.public_fqdn | default "" }}"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 064b0c16af..990c476f29 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -476,7 +476,6 @@ stringData:
{{- if eq $type "generic" }}
data:
{{- range $curFilePath := $secret.filePaths }}
- {{- fail (printf "%s" $curFilePath) }}
{{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
{{- end }}
{{- if $secret.filePath }}
diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml
new file mode 100644
index 0000000000..0cd8cfbd36
--- /dev/null
+++ b/kubernetes/common/dgbuilder/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties b/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties
deleted file mode 100755
index b977ca58ee..0000000000
--- a/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-my.public.ip=localhost
-all.public.ips=localhost
-my.id=0
-all.ids=0
-### Host Info ###
-zookeeper.host={{.Values.properties.zookeeperHost}}
-cassandra.host={{.Values.properties.cassandraHost}}
-### User Info ###
-cassandra.user={{.Values.properties.cassandraUser}}
-cassandra.password={{.Values.properties.cassandraPassword}}
-### AAF Endpoint ###
-aaf.endpoint.url={{.Values.properties.aafEndpointUrl}}
-### Admin API ###
-# AAF UAT
-aaf.admin.url={{.Values.properties.aafAdminUrl}}
-# AAF PROD
-admin.aaf.role={{.Values.properties.adminAafRole}}
-music.namespace={{.Values.properties.musicNamespace}}
diff --git a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml b/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml
deleted file mode 100755
index dcbd4e2d88..0000000000
--- a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml
+++ /dev/null
@@ -1,115 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-zookeeper-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - zookeeper
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
-# War Container
- - name: "{{ .Chart.Name }}-war"
- image: "{{ include "common.repository" . }}/{{ .Values.warImage }}"
- command: ["cp","/app/MUSIC.war","/webapps"]
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- volumeMounts:
- - mountPath: /webapps
- name: shared-data
- containers:
- # Tomcat Container
- - name: "{{ include "common.name" . }}"
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/tomcat/webapps
- name: shared-data
- - name: properties-music
- mountPath: /opt/app/music/etc/music.properties
- subPath: music.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumes:
- - name: shared-data
- emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-music
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/music/charts/music-tomcat/templates/service.yaml b/kubernetes/common/music/charts/music-tomcat/templates/service.yaml
deleted file mode 100755
index d808bf957a..0000000000
--- a/kubernetes/common/music/charts/music-tomcat/templates/service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/common/music/charts/music-tomcat/values.yaml b/kubernetes/common/music/charts/music-tomcat/values.yaml
deleted file mode 100755
index b91ffbd4e4..0000000000
--- a/kubernetes/common/music/charts/music-tomcat/values.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: library/tomcat:8.5
-pullPolicy: Always
-warImage: onap/music/music:3.0.24
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- usernameCassandra: cassandra1
- passwordCassandra: cassandra1
-
-# default number of instances
-replicaCount: 3
-
-job:
- host: cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: music-tomcat
- externalPort: 8080
- internalPort: 8080
- nodePort: 76
- portName: tomcat
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 900m
- memory: 460Mi
- requests:
- cpu: 550m
- memory: 360Mi
- large:
- limits:
- cpu: 4
- memory: 2Gi
- requests:
- cpu: 2
- memory: 1Gi
- unlimited: {}
-
-
-
-properties:
- zookeeperHost: zookeeper
- cassandraHost: music-cassandra
- cassandraUser: nelson24
- cassandraPassword: nelson24
-
- # Admin API
- # ONAP AAF
- aafAdminUrl:
diff --git a/kubernetes/common/music/charts/music-tomcat/Chart.yaml b/kubernetes/common/music/charts/music/Chart.yaml
index ec3934a2c5..7264b93e8a 100755..100644
--- a/kubernetes/common/music/charts/music-tomcat/Chart.yaml
+++ b/kubernetes/common/music/charts/music/Chart.yaml
@@ -13,6 +13,6 @@
# limitations under the License.
apiVersion: v1
-description: ONAP - MUSIC Tomcat Container
-name: music-tomcat
+description: MUSIC api as a Service API Spring boot container.
+name: music
version: 6.0.0
diff --git a/kubernetes/common/music/charts/music/resources/config/logback.xml b/kubernetes/common/music/charts/music/resources/config/logback.xml
new file mode 100755
index 0000000000..51423e547d
--- /dev/null
+++ b/kubernetes/common/music/charts/music/resources/config/logback.xml
@@ -0,0 +1,302 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START==========================================
+ org.onap.music
+ ===================================================================
+ Copyright (c) 2017 AT&T Intellectual Property
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ ============LICENSE_END=============================================
+ ====================================================================
+-->
+
+<configuration scan="true" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="/opt/app/music/logs" />
+
+ <!-- directory path for debugging type logs -->
+ <property name="debugDir" value="debug-logs" />
+
+ <!-- specify the component name -->
+ <!-- <property name="componentName" value="EELF"></property> -->
+ <property name="componentName" value="MUSIC"></property>
+
+ <!-- log file names -->
+ <property name="generalLogName" value="music" />
+ <property name="securityLogName" value="security" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="defaultPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n" />
+ <!-- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n" /> -->
+ <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} [transactionId:%X{transactionId}] - %msg%n" />
+ <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+ <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
+ <!-- <property name="errorLoggerPattern" value= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n " /> -->
+ <property name="errorLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} - %msg%n" />
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}| %msg%n" ></property>
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+ <property name="debugLogDirectory" value="${debugDir}/${componentName}" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder> -->
+ <!-- <filter class="org.onap.music.eelf.logging.CustomLoggingFilter" />-->
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %X{keyspace} %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>1GB</maxFileSize>
+ <maxHistory>5</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- Sift Appender -->
+ <appender name="KSEELF" class="ch.qos.logback.classic.sift.SiftingAppender">
+ <!-- <discriminator class="org.onap.music.eelf.logging.AuxDiscriminator"> -->
+ <discriminator>
+ <key>keyspace</key>
+ <defaultValue>unknown</defaultValue>
+ </discriminator>
+ <sift>
+ <appender name="EELFSift" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}-keyspace.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}-${keyspace}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxHistory>30</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ </sift>
+ </appender>
+
+ <appender name="asyncKSEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="KSEELF" />
+ </appender>
+
+
+
+
+ <!-- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>1GB</maxFileSize>
+ <maxHistory>5</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${applicationLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender> -->
+
+ <!-- EELF Security Appender. This appender is used to record security events
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
+ events. -->
+ <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${securityLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="EELFSecurity" />
+ </appender>
+
+
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${auditLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+ <pattern>${metricsLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${errorLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${debugLogDirectory}/${debugLogName}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${debugLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="{{.Values.logback.applicationLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncKSEELF" />
+ </logger>
+
+ <logger name="com.att.eelf.security" level="{{.Values.logback.securityLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+
+
+ <logger name="com.att.eelf.audit" level="{{.Values.logback.auditLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="{{.Values.logback.metricsLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+
+ <logger name="com.att.eelf.error" level="{{.Values.logback.errorLogLevel}}" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+
+ </logger>
+
+ <!-- Springboot??? -->
+ <!-- <logger name="org.springframework.web" level="DEBUG">
+ <appender-ref ref="asyncEELF" />
+ </logger> -->
+
+ <root level="{{.Values.logback.rootLogLevel}}">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncKSEELF" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+ <!-- Conductor Specific additions to squash WARNING and INFO -->
+ <logger name="com.datastax.driver.core.Cluster" level="ERROR"/>
+ <logger name="org.onap.music.main.MusicCore" level="ERROR"/>
+</configuration>
+
diff --git a/kubernetes/common/music/charts/music/resources/config/music-sb.properties b/kubernetes/common/music/charts/music/resources/config/music-sb.properties
new file mode 100755
index 0000000000..751a351737
--- /dev/null
+++ b/kubernetes/common/music/charts/music/resources/config/music-sb.properties
@@ -0,0 +1,13 @@
+server.port=8443
+server.servlet.context-path=/MUSIC/rest
+spring.jackson.mapper.ACCEPT_CASE_INSENSITIVE_ENUMS=true
+#server.ssl.enabled=false
+server.tomcat.max-threads=100
+#logging.file=/opt/app/music/logs/MUSIC/music-app.log
+#logging.config=file:/opt/app/music/etc/logback.xml
+security.require-ssl=true
+server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.key-store-provider=SUN
+server.ssl.key-store-type=JKS
+
diff --git a/kubernetes/common/music/charts/music/resources/config/music.properties b/kubernetes/common/music/charts/music/resources/config/music.properties
new file mode 100755
index 0000000000..a7681d0a02
--- /dev/null
+++ b/kubernetes/common/music/charts/music/resources/config/music.properties
@@ -0,0 +1,24 @@
+lock.using={{.Values.properties.lockUsing}}
+cassandra.host={{.Values.properties.cassandraHost}}
+cassandra.port={{ .Values.properties.cassandraPort }}
+lock.lease.period={{.Values.properties.lockLeasePeriod}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
+cassandra.connecttimeoutms={{.Values.properties.cassandraConnecttimeoutms}}
+cassandra.readtimeoutms={{.Values.properties.cassandraReadtimeoutms}}
+cadi={{.Values.properties.cadi}}
+music.aaf.ns={{.Values.properties.musicAafNs}}
+keyspace.active={{.Values.properties.keyspaceActive}}
+transId.header.required={{.Values.properties.transIdRequired}}
+transId.header.prefix={{.Values.properties.transIdPrefix}}
+conversation.header.required={{.Values.properties.conversationRequired}}
+conversation.header.prefix={{.Values.properties.conversationPrefix}}
+clientId.header.required={{.Values.properties.clientIdRequired}}
+clientId.header.prefix={{.Values.properties.clientIdPrefix}}
+messageId.header.required={{.Values.properties.messageIdRequired}}
+messageId.header.prefix={{.Values.properties.messageIdPrefix}}
+retry.count={{.Values.properties.retryCount}}
+lock.daemon.sleeptime.ms={{.Values.properties.lockDaemonSleeptimeMs}}
+keyspaces.for.lock.cleanup={{.Values.properties.keyspaceForLockCleanup}}
+create.lock.wait.period.ms=0
+create.lock.wait.increment.ms=0
diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh
new file mode 100755
index 0000000000..7ab32558b4
--- /dev/null
+++ b/kubernetes/common/music/charts/music/resources/config/startup.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# ============LICENSE_START==========================================
+# org.onap.music
+# ===================================================================
+# Copyright (c) 2019 AT&T Intellectual Property
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=============================================
+# ====================================================================
+
+echo "Running startup script to get password from certman"
+PWFILE=/opt/app/aafcertman/.password
+LOGFILE=/opt/app/music/logs/MUSIC/music-sb.log
+PROPS=/opt/app/music/etc/music-sb.properties
+LOGBACK=/opt/app/music/etc/logback.xml
+LOGGING=
+DEBUG_PROP=
+# Debug Setup. Uses env variables
+# DEBUG and DEBUG_PORT
+# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer>
+if [ "${DEBUG}" == "true" ]; then
+ if [ "${DEBUG_PORT}" == "" ]; then
+ DEBUG_PORT=8000
+ fi
+ echo "Debug mode on"
+ DEBUG_PROP="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=${DEBUG_PORT},suspend=n"
+fi
+
+# LOGBACK file: if /opt/app/music/etc/logback.xml exists thenuse that.
+if [ -f $LOGBACK ]; then
+ LOGGING="--logging.config=file:${LOGBACK}"
+fi
+
+# Get Passwords from /opt/app/aafcertman
+if [ -f $PWFILE ]; then
+ echo "Found ${PWFILE}" >> $LOGFILE
+ PASSWORD=$(cat ${PWFILE})
+else
+ PASSWORD=changeit
+ echo "#### Using Default Password for Certs" >> ${LOGFILE}
+fi
+
+# If music-sb.properties exists in /opt/app/music/etc then use that to override the application.properties
+if [ -f $PROPS ]; then
+ # Run with different Property file
+ #echo "java ${DEBUG_PROP} -jar MUSIC.jar --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}"
+ java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}
+else
+ #echo "java ${DEBUG_PROP} -jar MUSIC.jar --server.ssl.key-store-password=${PASSWORD} ${LOGGING} 2>&1 | tee ${LOGFILE}"
+ java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --server.ssl.key-store-password="${PASSWORD}" ${LOGGING} 2>&1 | tee ${LOGFILE}
+fi
+
+
+
+
diff --git a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks
new file mode 100644
index 0000000000..35d27c3ef7
--- /dev/null
+++ b/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks
Binary files differ
diff --git a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks
new file mode 100644
index 0000000000..ff844b109d
--- /dev/null
+++ b/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml
index 15859345e8..4023f343df 100755..100644
--- a/kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml
+++ b/kubernetes/common/music/charts/music/templates/configmap.yaml
@@ -1,5 +1,4 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,12 +11,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml
new file mode 100644
index 0000000000..c3b30b22b7
--- /dev/null
+++ b/kubernetes/common/music/charts/music/templates/deployment.yaml
@@ -0,0 +1,119 @@
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-cassandra-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-music-cassandra-job-config"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}}
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-music-scrubbed
+ - mountPath: /config
+ name: properties-music
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ # MUSIC Container
+ - name: "{{ include "common.name" . }}-springboot"
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ env:
+ - name: SPRING_OPTS
+ value: "{{ .Values.springOpts }}"
+ - name: JAVA_OPTS
+ value: "{{ .Values.javaOpts }}"
+ - name: DEBUG
+ value: "{{ .Values.debug }}"
+ volumeMounts:
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: properties-music
+ mountPath: /opt/app/music/etc/music.properties
+ subPath: music.properties
+ - name: properties-music
+ mountPath: /opt/app/music/etc/music-sb.properties
+ subPath: music-sb.properties
+ - name: properties-music-scrubbed
+ mountPath: /opt/app/music/etc/logback.xml
+ subPath: logback.xml
+ - name: certs-aaf
+ mountPath: /opt/app/aafcertman/
+ volumes:
+ - name: shared-data
+ emptyDir: {}
+ - name: certificate-vol
+ emptyDir: {}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: properties-music-scrubbed
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: properties-music
+ emptyDir:
+ medium: Memory
+ - name: certs-aaf
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }}
diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml
new file mode 100644
index 0000000000..5d5f5bb397
--- /dev/null
+++ b/kubernetes/common/music/charts/music/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml
new file mode 100644
index 0000000000..ca774c9b5b
--- /dev/null
+++ b/kubernetes/common/music/charts/music/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml
new file mode 100644
index 0000000000..faa5a6223d
--- /dev/null
+++ b/kubernetes/common/music/charts/music/values.yaml
@@ -0,0 +1,178 @@
+# Copyright © 2020 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+
+ envsubstImage: dibi/envsubst
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # logging agent
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ truststore: truststoreONAPall.jks
+
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: music-certs
+ name: keystore.jks
+ type: generic
+ filePaths:
+ - resources/keys/org.onap.music.jks
+ - uid: music-keystore-pw
+ name: keystore-pw
+ type: password
+ password: '{{ .Values.keystorePassword }}'
+ passwordPolicy: required
+ - uid: cassa-secret
+ type: basicAuth
+ login: '{{ .Values.properties.cassandraUser }}'
+ password: '{{ .Values.properties.cassandraPassword }}'
+ passwordPolicy: required
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/music/music_sb:3.2.40
+pullPolicy: Always
+
+job:
+ host: cassandra
+ port: 9042
+ busybox:
+ image: library/busybox:latest
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 6
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+ port: 8443
+
+
+# Java options that need to be passed to jave on CLI
+#javaOpts: -Xms256m -Xmx2048m
+javaOpts:
+# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
+springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1000m
+ memory: 1G
+ requests:
+ cpu: 300m
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1500m
+ memory: 3Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
+
+readiness:
+ initialDelaySeconds: 350
+ periodSeconds: 120
+ port: 8443
+
+service:
+ useNodePortExt: true
+ type: NodePort
+ name: music
+ ports:
+ - name: https-api
+ port: 8443
+ nodePort: '07'
+
+# Turn on Debugging true/false
+debug: false
+ingress:
+ enabled: false
+
+keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
+
+properties:
+ lockUsing: "cassandra"
+ # Comma dilimited list of hosts
+ cassandraHost: "music-cassandra"
+ cassandraUser: "nelson24"
+ cassandraPassword: "nelson24"
+ cassandraConnecttimeoutms: 12000
+ cassandraPort: 9042
+ # Connection Timeout for Cassandra in ms
+ # Read Timeout for Cassandra in ms
+ cassandraReadtimeoutms: 12000
+ keyspaceActive: true
+ # Enable CADI
+ cadi: false
+ # Special headers that may be passed and if they are required.
+ # With the ability to add a Prefix if required.
+ transIdRequired: false
+ transIdPrefix: X-ATT-
+ conversationRequired: false
+ conversationPrefix: X-CSI-
+ clientIdRequired: false
+ clientIdPrefix:
+ messageIdRequired: false
+ messageIdPrefix:
+
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+##### Lock settings
+ retryCount: 3
+ lockLeasePeriod: 6000
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+ lockDaemonSleeptimeMs: 30000
+ #comma separated list of keyspace names
+ keyspaceForLockCleanup:
+
+
+logback:
+ errorLogLevel: info
+ securityLogLevel: info
+ applicationLogLevel: info
+ metricsLogLevel: info
+ auditLogLevel: info
+ # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
+ rootLogLevel: INFO
+
diff --git a/kubernetes/common/music/charts/zookeeper/.helmignore b/kubernetes/common/music/charts/zookeeper/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/kubernetes/common/music/charts/zookeeper/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/common/music/charts/zookeeper/Chart.yaml b/kubernetes/common/music/charts/zookeeper/Chart.yaml
deleted file mode 100644
index 01e81736f6..0000000000
--- a/kubernetes/common/music/charts/zookeeper/Chart.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: zookeeper
-home: https://zookeeper.apache.org/
-version: 1.0.2
-appVersion: 3.4.10
-description: Centralized service for maintaining configuration information, naming,
- providing distributed synchronization, and providing group services.
-icon: https://zookeeper.apache.org/images/zookeeper_small.gif
-sources:
-- https://github.com/apache/zookeeper
-- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-maintainers:
-- name: lachie83
- email: lachlan.evenson@microsoft.com
-- name: kow3ns
- email: owensk@google.com
diff --git a/kubernetes/common/music/charts/zookeeper/OWNERS b/kubernetes/common/music/charts/zookeeper/OWNERS
deleted file mode 100644
index dd9facde2a..0000000000
--- a/kubernetes/common/music/charts/zookeeper/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-approvers:
-- lachie83
-- kow3ns
-reviewers:
-- lachie83
-- kow3ns
diff --git a/kubernetes/common/music/charts/zookeeper/README.md b/kubernetes/common/music/charts/zookeeper/README.md
deleted file mode 100644
index 22bbac49dc..0000000000
--- a/kubernetes/common/music/charts/zookeeper/README.md
+++ /dev/null
@@ -1,140 +0,0 @@
-# incubator/zookeeper
-
-This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper).
-
-## Prerequisites
-* Kubernetes 1.6+
-* PersistentVolume support on the underlying infrastructure
-* A dynamic provisioner for the PersistentVolumes
-* A familiarity with [Apache ZooKeeper 3.4.x](https://zookeeper.apache.org/doc/current/)
-
-## Chart Components
-This chart will do the following:
-
-* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/).
-* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble.
-* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble.
-* Create a Service configured to connect to the available ZooKeeper instance on the configured client port.
-* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes.
-* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods.
-* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`).
-
-## Installing the Chart
-You can install the chart with the release name `zookeeper` as below.
-
-```console
-$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
-$ helm install --name zookeeper incubator/zookeeper
-```
-
-If you do not specify a name, helm will select a name for you.
-
-### Installed Components
-You can use `kubectl get` to view all of the installed components.
-
-```console{%raw}
-$ kubectl get all -l app=zookeeper
-NAME: zookeeper
-LAST DEPLOYED: Wed Apr 11 17:09:48 2018
-NAMESPACE: default
-STATUS: DEPLOYED
-
-RESOURCES:
-==> v1beta1/PodDisruptionBudget
-NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
-zookeeper N/A 1 1 2m
-
-==> v1/Service
-NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
-zookeeper-headless ClusterIP None <none> 2181/TCP,3888/TCP,2888/TCP 2m
-zookeeper ClusterIP 10.98.179.165 <none> 2181/TCP 2m
-
-==> v1beta1/StatefulSet
-NAME DESIRED CURRENT AGE
-zookeeper 3 3 2m
-```
-
-1. `statefulsets/zookeeper` is the StatefulSet created by the chart.
-1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server.
-1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble.
-1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server.
-
-## Configuration
-You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install --name my-release -f values.yaml incubator/zookeeper
-```
-
-## Default Values
-
-- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml).
-
-## Deep Dive
-
-## Image Details
-The image used for this chart is based on Ubuntu 16.04 LTS. This image is larger than Alpine or BusyBox, but it provides glibc, rather than ulibc or mucl, and a JVM release that is built against it. You can easily convert this chart to run against a smaller image with a JVM that is built against that image's libc. However, as far as we know, no Hadoop vendor supports, or has verified, ZooKeeper running on such a JVM.
-
-## JVM Details
-The Java Virtual Machine used for this chart is the OpenJDK JVM 8u111 JRE (headless).
-
-## ZooKeeper Details
-The ZooKeeper version is the latest stable version (3.4.10). The distribution is installed into /opt/zookeeper-3.4.10. This directory is symbolically linked to /opt/zookeeper. Symlinks are created to simulate a rpm installation into /usr.
-
-## Failover
-You can test failover by killing the leader. Insert a key:
-```console
-$ kubectl exec zookeeper-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar;
-$ kubectl exec zookeeper-2 -- /opt/zookeeper/bin/zkCli.sh get /foo;
-```
-
-Watch existing members:
-```console
-$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc <pod-name>-${i}.<headless-service-name>:2181 | grep Mode); sleep 1; done; done';
-
-zk-2 Mode: follower
-zk-0 Mode: follower
-zk-1 Mode: leader
-zk-2 Mode: follower
-```
-
-Delete Pods and wait for the StatefulSet controller to bring them back up:
-```console
-$ kubectl delete po -l app=zookeeper
-$ kubectl get po --watch-only
-NAME READY STATUS RESTARTS AGE
-zookeeper-0 0/1 Running 0 35s
-zookeeper-0 1/1 Running 0 50s
-zookeeper-1 0/1 Pending 0 0s
-zookeeper-1 0/1 Pending 0 0s
-zookeeper-1 0/1 ContainerCreating 0 0s
-zookeeper-1 0/1 Running 0 19s
-zookeeper-1 1/1 Running 0 40s
-zookeeper-2 0/1 Pending 0 0s
-zookeeper-2 0/1 Pending 0 0s
-zookeeper-2 0/1 ContainerCreating 0 0s
-zookeeper-2 0/1 Running 0 19s
-zookeeper-2 1/1 Running 0 41s
-```
-
-Check the previously inserted key:
-```console
-$ kubectl exec zookeeper-1 -- /opt/zookeeper/bin/zkCli.sh get /foo
-ionid = 0x354887858e80035, negotiated timeout = 30000
-
-WATCHER::
-
-WatchedEvent state:SyncConnected type:None path:null
-bar
-```
-
-## Scaling
-ZooKeeper can not be safely scaled in versions prior to 3.5.x. This chart currently uses 3.4.x. There are manual procedures for scaling a 3.4.x ensemble, but as noted in the [ZooKeeper 3.5.2 documentation](https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperReconfig.html) these procedures require a rolling restart, are known to be error prone, and often result in a data loss.
-
-While ZooKeeper 3.5.x does allow for dynamic ensemble reconfiguration (including scaling membership), the current status of the release is still alpha, and 3.5.x is therefore not recommended for production use.
-
-## Limitations
-* StatefulSet and PodDisruptionBudget are beta resources.
-* Only supports storage options that have backends for persistent volume claims.
diff --git a/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt b/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt
deleted file mode 100644
index 4f7a27bd99..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Thank you for installing ZooKeeper on your Kubernetes cluster. More information
-about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/
-
-Your connection string should look like:
- {{ template "common.fullname" . }}-0.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "common.fullname" . }}-1.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},...
-
-You can also use the client service {{ template "common.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server.
diff --git a/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml b/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml
deleted file mode 100644
index 72fedbcbbb..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.exporters.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-jmx-exporter
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.yml: |-
- hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }}
- lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }}
- rules:
-{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }}
- ssl: false
- startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }}
-{{- end }}
diff --git a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml b/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml
deleted file mode 100644
index b857a0d7b1..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- if .Values.jobs.chroots.enabled }}
-{{- $root := . }}
-{{- $job := .Values.jobs.chroots }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ template "common.fullname" . }}-chroots
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: jobs
- job: chroots
-spec:
- activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }}
- backoffLimit: {{ $job.backoffLimit }}
- completions: {{ $job.completions }}
- parallelism: {{ $job.parallelism }}
- template:
- metadata:
- labels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: jobs
- job: chroots
- spec:
- restartPolicy: {{ $job.restartPolicy }}
- containers:
- - name: main
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -o
- - pipefail
- - -euc
- {{- $port := .Values.service.ports.client.port }}
- - >
- sleep 15;
- export SERVER={{ template "common.fullname" $root }}:{{ $port }};
- {{- range $job.config.create }}
- echo '==> {{ . }}';
- echo '====> Create chroot if does not exist.';
- zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'
- || zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} create {{ . }} "";
- echo '====> Confirm chroot exists.';
- zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid';
- echo '====> Chroot exists.';
- {{- end }}
- env:
- {{- range $key, $value := $job.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml $job.resources | indent 12 }}
-{{- end -}}
diff --git a/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml
deleted file mode 100644
index a4bc322a31..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ template "common.fullname" . }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- selector:
- matchLabels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
-{{ toYaml .Values.podDisruptionBudget | indent 2 }}
diff --git a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml
deleted file mode 100644
index 6e53a9543d..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{/*
-# Copyright © 2019 Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml b/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml
deleted file mode 100644
index 31475a1c76..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "common.fullname" . }}-headless
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- clusterIP: None
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
- port: {{ $port.containerPort }}
- targetPort: {{ $port.name }}
- protocol: {{ $port.protocol }}
-{{- end }}
- selector:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/common/music/charts/zookeeper/templates/service.yaml b/kubernetes/common/music/charts/zookeeper/templates/service.yaml
deleted file mode 100644
index 0ef3a28b27..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-{{- with .Values.service.annotations }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{- range $key, $value := .Values.service.ports }}
- - name: {{ $key }}
-{{ toYaml $value | indent 6 }}
- {{- end }}
- selector:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml
deleted file mode 100644
index 73224addef..0000000000
--- a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ template "common.fullname" . }}
- labels:
- app: {{ template "common.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- component: server
-spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - "{{ .Chart.Name }}"
- serviceName: {{ template "common.fullname" . }}-headless
- replicas: {{ .Values.replicaCount }}
- terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
- selector:
- matchLabels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
- updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
- template:
- metadata:
- labels:
- app: {{ template "common.name" . }}
- release: {{ include "common.release" . }}
- component: server
- {{- if .Values.podLabels }}
- ## Custom pod labels
- {{- range $key, $value := .Values.podLabels }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- annotations:
- {{- if .Values.podAnnotations }}
- ## Custom pod annotations
- {{- range $key, $value := .Values.podAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- spec:
-{{- if .Values.schedulerName }}
- schedulerName: "{{ .Values.schedulerName }}"
-{{- end }}
- securityContext:
-{{ toYaml .Values.securityContext | indent 8 }}
- containers:
-
- - name: zookeeper
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -xec
- - zkGenConfig.sh && exec zkServer.sh start-foreground
- ports:
-{{- range $key, $port := .Values.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
-{{- end }}
- livenessProbe:
-{{ toYaml .Values.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.readinessProbe | indent 12 }}
- env:
- - name: ZK_REPLICAS
- value: {{ .Values.replicaCount | quote }}
- {{- range $key, $value := .Values.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ include "common.resources" . }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/zookeeper
-
-{{- if .Values.exporters.jmx.enabled }}
- - name: jmx-exporter
- image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.jmx.image.pullPolicy }}
- ports:
- {{- range $key, $port := .Values.exporters.jmx.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
- {{- end }}
- livenessProbe:
-{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }}
- env:
- - name: SERVICE_PORT
- value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }}
- {{- with .Values.exporters.jmx.env }}
- {{- range $key, $value := . }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- {{- end }}
- resources:
-{{ toYaml .Values.exporters.jmx.resources | indent 12 }}
- volumeMounts:
- - name: config-jmx-exporter
- mountPath: /opt/jmx_exporter/config.yml
- subPath: config.yml
-{{- end }}
-
-{{- if .Values.exporters.zookeeper.enabled }}
- - name: zookeeper-exporter
- image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.zookeeper.image.pullPolicy }}
- args:
- - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }}
- - -metrics-path={{ .Values.exporters.zookeeper.path }}
- - -zookeeper=localhost:{{ .Values.ports.client.containerPort }}
- - -log-level={{ .Values.exporters.zookeeper.config.logLevel }}
- - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }}
- ports:
- {{- range $key, $port := .Values.exporters.zookeeper.ports }}
- - name: {{ $key }}
-{{ toYaml $port | indent 14 }}
- {{- end }}
- livenessProbe:
-{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }}
- readinessProbe:
-{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }}
- env:
- {{- range $key, $value := .Values.exporters.zookeeper.env }}
- - name: {{ $key | upper | replace "." "_" }}
- value: {{ $value | quote }}
- {{- end }}
- resources:
-{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }}
-{{- end }}
-
- {{- with .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
- {{- end }}
- {{- if (or .Values.exporters.jmx.enabled (not .Values.persistence.enabled)) }}
- volumes:
- {{- if .Values.exporters.jmx.enabled }}
- - name: config-jmx-exporter
- configMap:
- name: {{ include "common.release" . }}-jmx-exporter
- {{- end }}
- {{- end }}
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- end }}
diff --git a/kubernetes/common/music/charts/zookeeper/values.yaml b/kubernetes/common/music/charts/zookeeper/values.yaml
deleted file mode 100644
index 28c9711e84..0000000000
--- a/kubernetes/common/music/charts/zookeeper/values.yaml
+++ /dev/null
@@ -1,282 +0,0 @@
-## As weighted quorums are not supported, it is imperative that an odd number of replicas
-## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7.
-##
-## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set
-replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7)
-
-podDisruptionBudget:
- maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions.
-
-terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully.
-
-## OnDelete requires you to manually delete each pod when making updates.
-## This approach is at the moment safer than RollingUpdate because replication
-## may be incomplete when replication source pod is killed.
-##
-## ref: http://blog.kubernetes.io/2017/09/kubernetes-statefulsets-daemonsets.html
-updateStrategy:
- type: OnDelete # Pods will only be created when you manually delete old pods.
-
-## refs:
-## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
-## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1
-image:
- #repository: nexus3.onap.org:10001/library/zookeeper
- #tag: 3.3
- repository: gcr.io/google_samples/k8szk # Container image repository for zookeeper container.
- tag: v3 # Container image tag for zookeeper container.
- pullPolicy: IfNotPresent # Image pull criteria for zookeeper container.
-
-service:
- name: zookeeper
- type: ClusterIP # Exposes zookeeper on a cluster-internal IP.
- annotations: {} # Arbitrary non-identifying metadata for zookeeper service.
- ## AWS example for use with LoadBalancer service type.
- # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local
- # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
- # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
- ports:
- client:
- port: 2181 # Service port number for client port.
- targetPort: client # Service target port for client port.
- protocol: TCP # Service port protocol for client port.
-
-
-ports:
- client:
- containerPort: 2181 # Port number for zookeeper container client port.
- protocol: TCP # Protocol for zookeeper container client port.
- election:
- containerPort: 3888 # Port number for zookeeper container election port.
- protocol: TCP # Protocol for zookeeper container election port.
- server:
- containerPort: 2888 # Port number for zookeeper container server port.
- protocol: TCP # Protocol for zookeeper container server port.
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 500m
- memory: 900Mi
- requests:
- cpu: 10m
- memory: 730Mi
- large:
- limits:
- cpu: 3
- memory: 2Gi
- requests:
- cpu: 2
- memory: 1Gi
- unlimited: {}
-
-nodeSelector: {} # Node label-values required to run zookeeper pods.
-
-tolerations: [] # Node taint overrides for zookeeper pods.
-
-affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
-affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - topologyKey: "kubernetes.io/hostname"
- labelSelector:
- matchLabels:
- release: zookeeper
-
-podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods.
-
-podLabels: {} # Key/value pairs that are attached to zookeeper pods.
-
-livenessProbe:
- exec:
- command:
- - zkOk.sh
- initialDelaySeconds: 20
-
-readinessProbe:
- exec:
- command:
- - zkOk.sh
- initialDelaySeconds: 20
-
-securityContext:
- fsGroup: 1000
- #runAsUser: 1000
-
-persistence:
- enabled: true
- ## zookeeper data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
- mountSubPath: music/zookeeper
- size: 4Gi
-
-## Exporters query apps for metrics and make those metrics available for
-## Prometheus to scrape.
-exporters:
-
- jmx:
- enabled: false
- image:
- repository: sscaling/jmx-prometheus-exporter
- tag: 0.3.0
- pullPolicy: IfNotPresent
- config:
- lowercaseOutputName: false
- rules:
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
- name: "zookeeper_$2"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
- name: "zookeeper_$3"
- labels:
- replicaId: "$2"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
- name: "zookeeper_$4"
- labels:
- replicaId: "$2"
- memberType: "$3"
- - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
- name: "zookeeper_$4_$5"
- labels:
- replicaId: "$2"
- memberType: "$3"
- startDelaySeconds: 30
- env: {}
- resources: {}
- path: /metrics
- ports:
- jmxxp:
- containerPort: 9404
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: jmxxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /metrics
- port: jmxxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
-
- zookeeper:
- enabled: false
- image:
- repository: josdotso/zookeeper-exporter
- tag: v1.1.2
- pullPolicy: IfNotPresent
- config:
- logLevel: info
- resetOnScrape: "true"
- env: {}
- resources: {}
- path: /metrics
- ports:
- zookeeperxp:
- containerPort: 9141
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /metrics
- port: zookeeperxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /metrics
- port: zookeeperxp
- initialDelaySeconds: 30
- periodSeconds: 15
- timeoutSeconds: 60
- failureThreshold: 8
- successThreshold: 1
-
-env:
-
- ## Options related to JMX exporter.
- JMXAUTH: "false"
- JMXDISABLE: "false"
- JMXPORT: 1099
- JMXSSL: "false"
-
- ## The port on which the server will accept client requests.
- ZK_CLIENT_PORT: 2181
-
- ## The port on which the ensemble performs leader election.
- ZK_ELECTION_PORT: 3888
-
- ## The JVM heap size.
- ZK_HEAP_SIZE: 2G
-
- ## The number of Ticks that an ensemble member is allowed to perform leader
- ## election.
- ZK_INIT_LIMIT: 5
-
- ## The Log Level that for the ZooKeeper processes logger.
- ## Choices are `TRACE,DEBUG,INFO,WARN,ERROR,FATAL`.
- ZK_LOG_LEVEL: INFO
-
- ## The maximum number of concurrent client connections that
- ## a server in the ensemble will accept.
- ZK_MAX_CLIENT_CNXNS: 60
-
- ## The maximum session timeout that the ensemble will allow a client to request.
- ## Upstream default is `20 * ZK_TICK_TIME`
- ZK_MAX_SESSION_TIMEOUT: 40000
-
- ## The minimum session timeout that the ensemble will allow a client to request.
- ## Upstream default is `2 * ZK_TICK_TIME`.
- ZK_MIN_SESSION_TIMEOUT: 4000
-
- ## The delay, in hours, between ZooKeeper log and snapshot cleanups.
- ZK_PURGE_INTERVAL: 0
-
- ## The port on which the leader will send events to followers.
- ZK_SERVER_PORT: 2888
-
- ## The number of snapshots that the ZooKeeper process will retain if
- ## `ZK_PURGE_INTERVAL` is set to a value greater than `0`.
- ZK_SNAP_RETAIN_COUNT: 3
-
- ## The number of Tick by which a follower may lag behind the ensembles leader.
- ZK_SYNC_LIMIT: 10
-
- ## The number of wall clock ms that corresponds to a Tick for the ensembles
- ## internal time.
- ZK_TICK_TIME: 2000
-
-jobs:
- chroots:
- enabled: false
- activeDeadlineSeconds: 300
- backoffLimit: 5
- completions: 1
- config:
- create: []
- # - /kafka
- # - /ureplicator
- env: []
- parallelism: 1
- resources: {}
- restartPolicy: Never
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index 51c467cf2f..fe4cbaee9c 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018-2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index 0defa97c26..a9f2a5bbd4 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -73,7 +73,7 @@ mariadb-init:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.6.3
+image: onap/ccsdk-apps-ms-neng:0.7.1
pullPolicy: IfNotPresent
# application configuration
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
index 67d13cf477..56315285cd 100755
--- a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/data
+ mountPath: /var/lib/postgresql/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml
index 45468e4969..3a4bb90b98 100755
--- a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml
@@ -50,7 +50,7 @@ spec:
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/data
+ mountPath: /var/lib/postgresql/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml
index 23bb080690..eb4cf252d4 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml
@@ -16,4 +16,4 @@
# ============LICENSE_END=========================================================
k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}
-k8s_initial_password: {{ .Values.postgres.config.pgRootPassword }}
+k8s_initial_password: $PG_ROOT_PASSWORD
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index a36164d164..9009f6b114 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -1,130 +1,150 @@
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - dcae-cloudify-manager
- - --container-name
- - consul-server
- - --container-name
- - msb-discovery
- - --container-name
- - kube2msb
- - --container-name
- - dcae-config-binding-service
- - --container-name
- - dcae-db
- - --container-name
- - dcae-inventory-api
- - "-t"
- - "15"
-
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: init-tls
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: aaf_locator_fqdn
- value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources: {}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: tls-info
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumeMounts:
- - mountPath: /inputs
- name: {{ include "common.fullname" . }}-dcae-inputs
- - mountPath: /dcae-configs
- name: {{ include "common.fullname" . }}-dcae-config
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /certs
- name: tls-info
- readOnly: true
- env:
- - name: CMADDR
- value: {{ .Values.config.address.cm.host }}
- - name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
- - name: CMPROTO
- value: {{ .Values.config.address.cm.proto }}
- - name: CMPORT
- value: !!string {{ .Values.config.address.cm.port }}
- - name: CONSUL
- value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
- - name: DCAE_NAMESPACE
- value: {{ .Values.dcae_ns | default "" }}
- - name: ONAP_NAMESPACE
- value: {{ include "common.namespace" . }}
- volumes:
- - name: {{ include "common.fullname" . }}-dcae-inputs
- configMap:
- name: {{ include "common.fullname" . }}-dcae-inputs
- - name: {{ include "common.fullname" . }}-dcae-config
- configMap:
- name: {{ include "common.fullname" . }}-dcae-config
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: tls-info
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-dcae-inputs-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcae-cloudify-manager
+ - --container-name
+ - consul-server
+ - --container-name
+ - msb-discovery
+ - --container-name
+ - kube2msb
+ - --container-name
+ - dcae-config-binding-service
+ - --container-name
+ - dcae-db
+ - --container-name
+ - dcae-inventory-api
+ - "-t"
+ - "15"
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: tls-info
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ volumeMounts:
+ - mountPath: /inputs
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ - mountPath: /dcae-configs
+ name: {{ include "common.fullname" . }}-dcae-config
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /certs
+ name: tls-info
+ readOnly: true
+ env:
+ - name: CMADDR
+ value: {{ .Values.config.address.cm.host }}
+ - name: CMPASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-cmpass
+ key: password
+ - name: CMPROTO
+ value: {{ .Values.config.address.cm.proto }}
+ - name: CMPORT
+ value: !!string {{ .Values.config.address.cm.port }}
+ - name: CONSUL
+ value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
+ - name: DCAE_NAMESPACE
+ value: {{ .Values.dcae_ns | default "" }}
+ - name: ONAP_NAMESPACE
+ value: {{ include "common.namespace" . }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-dcae-inputs-input
+ configMap:
+ name: {{ include "common.fullname" . }}-dcae-inputs
+ - name: {{ include "common.fullname" . }}-dcae-inputs
+ emptyDir:
+ medium: Memory
+ - name: {{ include "common.fullname" . }}-dcae-config
+ configMap:
+ name: {{ include "common.fullname" . }}-dcae-config
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: tls-info
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
index d8b2ba2220..44395e48e8 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
@@ -29,3 +29,5 @@ metadata:
type: Opaque
data:
password: YWRtaW4=
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index a5bd69af02..a9cac8beac 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -28,6 +28,15 @@ global:
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-dcae-bootstrap-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
config:
logstashServiceName: log-ls
@@ -77,21 +86,10 @@ postgres:
primary: dcae-pg-primary
replica: dcae-pg-replica
config:
- pgPrimaryPassword: onapdemodb
- pgRootPassword: onapdemodb
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
persistence:
mountSubPath: dcae/data
mountInitPath: dcae
- pgpool:
- nameOverride: dcae-pgpool
- service:
- name: dcae-pgpool
- credentials:
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-pgpool-primary
- replica: dcae-pgpool-replica
mongo:
nameOverride: dcae-mongo
@@ -109,7 +107,7 @@ mongo:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index a926fb396b..bab034469b 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -126,11 +126,11 @@ spec:
- name: consul_url
value: http://consul-server-ui:8500
- name: postgres_user_dashboard
- value: {{ .Values.postgres.config.pgUserName }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }}
+ - name: postgres_password_dashboard
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }}
- name: postgres_db_name
value: {{ .Values.postgres.config.pgDatabase }}
- - name: postgres_password_dashboard
- value: {{ .Values.postgres.config.pgUserPassword }}
- name: postgres_ip
value: {{ .Values.postgres.service.name2 }}
- name: POD_IP
@@ -169,4 +169,3 @@ spec:
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index fd7069450e..8e3f94dc64 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -27,6 +27,15 @@ global:
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
@@ -81,10 +90,8 @@ postgres:
replica: dcae-dashboard-pg-replica
config:
pgUserName: dashboard_pg_admin
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dashboard_pg_db_common
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
pgPort: "5432"
persistence:
mountSubPath: dcae-dashboard/data
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
index d9927314e1..4be8c195d2 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json
@@ -1,8 +1,8 @@
{
"database": {
"driverClass": "org.postgresql.Driver",
- "user": "{{ .Values.postgres.config.pgUserName }}",
- "password": "{{ .Values.postgres.config.pgUserPassword }}",
+ "user": "${PG_USER}",
+ "password": "${PG_PASSWORD}",
"url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}",
"properties": {
"charSet": "UTF-8"
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index 6769c00a2d..bf49157762 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -34,6 +34,25 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-inv-config-input
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-inv-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -135,11 +154,13 @@ spec:
defaultMode: 420
name: {{ include "common.fullname" . }}-filebeat-configmap
name: filebeat-conf
- - name: {{ include "common.fullname" . }}-inv-config
+ - name: {{ include "common.fullname" . }}-inv-config-input
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-inv-config
+ emptyDir:
+ medium: Memory
- emptyDir: {}
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index 51af963343..a26ae5d196 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -26,10 +26,20 @@ global:
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ envsubstImage: dibi/envsubst
repositoryCred:
user: docker
password: docker
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-inventory-api-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-inventory-api-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
config:
logstashServiceName: log-ls
logstashPort: 5044
@@ -82,24 +92,11 @@ postgres:
replica: dcae-inv-pg-replica
config:
pgUserName: dcae_inv
+ pgUserExternalSecret: *pgUserCredsSecretName
pgDatabase: dcae_inventory
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
persistence:
mountSubPath: dcae-inv/data
mountInitPath: dcae-inv
- pgpool:
- nameOverride: dcae-inv-pgpool
- service:
- name: dcae-inv-pgpool
- credentials:
- pgusername: ddcae_inv
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-inv-pgpool-primary
- replica: dcae-inv-pgpool-replica
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 5c32d9950d..8b44e160ba 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -144,6 +144,7 @@ service:
type: NodePort
name: dmaap-dr-node
useNodePortExt: true
+ both_tls_and_plain: true
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
ports:
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index aca2fc407d..f742419b46 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -100,7 +100,7 @@ ingress:
name: "message-router"
port: 3905
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml
index af845939a5..556931d07e 100644
--- a/kubernetes/msb/charts/kube2msb/values.yaml
+++ b/kubernetes/msb/charts/kube2msb/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/oom/kube2msb:1.1.0
+image: onap/oom/kube2msb:1.2.6
pullPolicy: Always
istioSidecar: true
@@ -70,4 +70,4 @@ resources:
requests:
cpu: 1
memory: 1Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml
index c5820ae3dc..60c197327e 100644
--- a/kubernetes/msb/charts/msb-eag/values.yaml
+++ b/kubernetes/msb/charts/msb-eag/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml
index 00adb83658..a927816492 100644
--- a/kubernetes/msb/charts/msb-iag/values.yaml
+++ b/kubernetes/msb/charts/msb-iag/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt
new file mode 100644
index 0000000000..62da777a58
--- /dev/null
+++ b/kubernetes/msb/resources/config/certificates/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
+Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
+DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
+Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
+bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
+YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
+dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
+Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
+mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
+2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
+6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
+7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
+p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
+5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
+bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
+wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
+ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
+FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
+3lR7lW/J
+-----END CERTIFICATE-----
diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt
new file mode 100644
index 0000000000..7d1314f59e
--- /dev/null
+++ b/kubernetes/msb/resources/config/certificates/cert.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
+VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK
+BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs
+ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy
+NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np
+Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM
+A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a
+xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ
+VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC
+lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz
+4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8
+Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV
+HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG
+SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS
++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN
+iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK
+l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3
+LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb
+Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA
+-----END CERTIFICATE-----
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
index 3c7b1d3a65..f0bfedb43a 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/k8s:0.5.0
+image: onap/multicloud/k8s:0.6.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml
index 4bd4fd863e..7ce343627a 100644
--- a/kubernetes/nbi/requirements.yaml
+++ b/kubernetes/nbi/requirements.yaml
@@ -20,6 +20,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
- name: mongo
version: ~6.x-0
repository: '@local'
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 1b4195c733..22dd4a1ded 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
name: {{ include "common.fullname" . }}
spec:
{{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -49,11 +49,11 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+ -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
-Dserver.ssl.key-store-type=PKCS12 \
- -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+ -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
-Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
-Djavax.net.ssl.trustStoreType=jks\
-Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
@@ -122,7 +122,7 @@ spec:
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -148,7 +148,7 @@ spec:
# name: esr-server-logs
# - mountPath: /usr/share/filebeat/data
# name: esr-server-filebeat
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml
new file mode 100644
index 0000000000..0cd8cfbd36
--- /dev/null
+++ b/kubernetes/nbi/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 6381d83e27..4fe092e603 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -36,7 +36,8 @@ global:
#################################################################
# AAF part
#################################################################
-aafConfig:
+certInitializer:
+ nameOverride: nbi-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
@@ -45,13 +46,16 @@ aafConfig:
public_fqdn: nbi.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
permission_user: 1000
permission_group: 999
- addconfig: true
- secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
-
#################################################################
# Secrets metaconfig
@@ -63,12 +67,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
subChartsOnly:
enabled: true
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5839addf6a..9e593c2e42 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -147,7 +147,7 @@ global:
# to customize the ONAP deployment.
#################################################################
aaf:
- enabled: true
+ enabled: false
aai:
enabled: false
appc:
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml
new file mode 100644
index 0000000000..0cd8cfbd36
--- /dev/null
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml
index df13309087..da6ab9b548 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml
@@ -56,3 +56,13 @@ liveness:
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "oof-has-api.onap"
+ name: "oof-has-api"
+ port: 8091
+ config:
+ ssl: "redirect"
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
index f3e1d1fb2f..3dac4788cb 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
- --container-name
- aaf-sms
env:
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
index f144424f9f..85fbd96221 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
index 0c9e8c33e8..cb83643ed3 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
index 881d6fa9f7..858bf8908e 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - music-tomcat
+ - music-springboot
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
index c3d9307836..94a47fed2f 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
@@ -428,7 +428,7 @@ server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namesp
# Base URL for Music REST API without a trailing slash. (string value)
#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
+server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
version = v2
# DEPRECATED: List of hostnames (round-robin access) (list value)
@@ -492,7 +492,7 @@ music_new_version = True
# for version (string value)
#music_version = <None>
-music_version = "3.0.21"
+music_version = "3.2.40"
# username value that used for creating basic authorization header (string
# value)
@@ -508,6 +508,13 @@ aafpass = c0nduct0r
#aafns = <None>
aafns = conductor
+# Enabling HTTPs mode (boolean value)
+enable_https_mode = True
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
[prometheus]
diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml
index 92d6cbf441..34f215c9ab 100755
--- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml
+++ b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml
@@ -59,7 +59,7 @@ spec:
sleep 15;
resp="FAILURE";
until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null --write-out %{http_code} -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
+ resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
-H "Content-Type: application/json" \
-H "ns: conductor" \
-H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml
index 499d0923c8..ad42a1fe08 100755
--- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml
+++ b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml
@@ -40,7 +40,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - "music-tomcat"
+ - "music-springboot"
- --container-name
- "music-cassandra"
env:
@@ -71,10 +71,7 @@ spec:
- "/bin/sh"
- "-c"
- |
- curl -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/admin/onboardAppWithMusic \
- -H "Content-Type: application/json" \
- -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- --data @onboard.json
+ echo "job-onboard"
workingDir: /has
volumeMounts:
- mountPath: /etc/localtime
diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml
index 730d6e20a1..f4debe93fc 100755
--- a/kubernetes/oof/charts/oof-has/values.yaml
+++ b/kubernetes/oof/charts/oof-has/values.yaml
@@ -25,7 +25,7 @@ global:
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:2.0.2
+ optf_has: onap/optf-has:2.0.3
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
@@ -42,8 +42,8 @@ config:
serviceName: msb-iag
port: 80
music:
- serviceName: music-tomcat
- port: 8080
+ serviceName: music
+ port: 8443
sms:
serviceName: aaf-sms
port: 10443
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 0cdfa9dfe7..5205a1df1f 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -125,4 +125,4 @@ ingress:
name: "oof-osdf"
port: 8698
config:
- ssl: "none" \ No newline at end of file
+ ssl: "redirect"
diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index 0126c6e06b..3552b2e2f6 100644
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -82,7 +82,7 @@ ingress:
# Default installation values to be overridden
server:
- jvmOpts: -server -Xms1024m -Xmx2048m
+ jvmOpts: -server -XshowSettings:vm
aaf:
enabled: "false"
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
index f2c2cd7765..c7e4ad197e 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 9ac5d68a89..bd126b810b 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -35,7 +35,7 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
@@ -45,6 +45,10 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- name: API_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
@@ -59,11 +63,6 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 8d18fd0dbd..01bc0dab93 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -32,7 +32,7 @@ global:
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.0
+image: onap/portal-app:3.2.1
pullPolicy: Always
#AAF local config
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 13b319c76a..7502e9322a 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -78,7 +78,7 @@ update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7ML
/*
Replace spaces with underscores for role names to match AAF role names
*/
-UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
+UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999);
/*
diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml
index 02104414d6..7f3aa70a2c 100644
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -119,7 +119,7 @@ ingress:
name: "portal-sdk"
port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject c81062626b69160145baac5e6a5d670cb67211f
+Subproject 1bc31c7d76408bdf2267bf72bf3b1b1e18e2367
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index e0af28fd86..a0e9b539e6 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.4
-backendInitImage: onap/sdc-backend-init:1.6.4
+image: onap/sdc-backend:1.6.5
+backendInitImage: onap/sdc-backend-init:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml
index 6c63927cf5..3cef2cf49e 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.4
-cassandraInitImage: onap/sdc-cassandra-init:1.6.4
+image: onap/sdc-cassandra:1.6.5
+cassandraInitImage: onap/sdc-cassandra-init:1.6.5
pullPolicy: Always
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
index ad46842393..6dbec2bc24 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
@@ -61,12 +61,9 @@ ingress:
service:
- baseaddr: "dcaedt"
name: "sdc-dcae-dt"
- port: 8186
- - baseaddr: "dcaedt2"
- name: "sdc-dcae-dt"
port: 9446
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
index b6572f5d3d..eae409a431 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
@@ -68,7 +68,7 @@ ingress:
name: "sdc-dcae-fe"
port: 9444
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index e5d41eb897..8754d0fc87 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.4
+image: onap/sdc-frontend:1.6.5
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index 4cfebbf72f..0471c031a6 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.4
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4
+image: onap/sdc-onboard-backend:1.6.5
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 8bab2c84ea..05793d4f5b 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
pullPolicy: Always
initJob:
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 359c33ab61..aaa7795709 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml
index 51f7afeeb5..bcbad0d68e 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.1
+image: onap/sdnc-dmaap-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
index c08e53a84a..d0455d5647 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.1
+image: onap/sdnc-ansible-server-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml
new file mode 100644
index 0000000000..0cd8cfbd36
--- /dev/null
+++ b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
index 280a2af5e9..71ebb69819 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
@@ -73,7 +73,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.1
+image: onap/admportal-sdnc-image:1.8.2
config:
dbFabricDB: mysql
dbFabricUser: admin
@@ -133,6 +133,12 @@ service:
ingress:
enabled: false
+ service:
+ - baseaddr: "sdnc-portal.api"
+ name: "sdnc-portal"
+ port: 8443
+ config:
+ ssl: "redirect"
#Resource limit flavor -By default using small
flavor: small
diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml
index a02a38531c..7a19b12865 100644
--- a/kubernetes/sdnc/charts/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.1
+image: onap/sdnc-ueb-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml
index 087ed30055..cd39425073 100644
--- a/kubernetes/sdnc/templates/configmap.yaml
+++ b/kubernetes/sdnc/templates/configmap.yaml
@@ -78,3 +78,16 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 4511ca9125..58ca866fca 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -92,54 +92,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{ if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-aaf
- image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- command:
- - bash
- - -c
- - |
- /opt/app/aaf_config/bin/agent.sh &&
- cd /opt/app/osaaf/local &&
- /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aaf_init.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.aaf_init.app_ns }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- - name: cadi_longitude
- value: "{{ .Values.aaf_init.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aaf_init.cadi_latitude }}"
+{{ include "common.aaf-config" . | indent 6 }}
{{ end }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
@@ -147,8 +100,9 @@ spec:
volumeMounts:
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
+{{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -197,6 +151,9 @@ spec:
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -237,8 +194,6 @@ spec:
name: {{ include "common.fullname" . }}-data
- mountPath: /var/log/onap
name: logs
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml
name: properties
subPath: akka.conf
@@ -298,17 +253,13 @@ spec:
- name: properties
emptyDir:
medium: Memory
- - name: {{ include "common.fullname" . }}-certs
- {{ if .Values.certpersistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-certs
- {{ else }}
- emptyDir: {}
- {{ end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f0d70e2c33..96ea6e33fd 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -24,6 +24,7 @@ global:
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
@@ -69,7 +70,7 @@ secrets:
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: aaf-creds
+ - uid: &aaf_secret_uid aaf-creds
type: basicAuth
externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
login: '{{ .Values.aaf_init.deploy_fqi }}'
@@ -118,7 +119,7 @@ secrets:
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.1
+image: onap/sdnc-image:1.8.2
# flag to enable debugging - application support required
@@ -194,6 +195,20 @@ config:
numberGGLogFiles: 10
# dependency / sub-chart configuration
+aafConfig:
+ addconfig: true
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ secret_uid: *aaf_secret_uid
+ credsPath: /opt/app/osaaf/local
+
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
app_ns: "org.osaaf.aaf"
diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml
index 567baabbdf..03265d4014 100644
--- a/kubernetes/uui/charts/uui-server/values.yaml
+++ b/kubernetes/uui/charts/uui-server/values.yaml
@@ -69,7 +69,7 @@ ingress:
name: "uui-server"
port: 8082
config:
- ssl: "none"
+ ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 47182d4e19..2c15c9683c 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -69,7 +69,7 @@ ingress:
name: "uui"
port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 04d79380f5..63c6307f06 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -118,9 +118,9 @@ ingress:
service:
- baseaddr: "vid.api"
name: "vid-http"
- port: 8080
+ port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml
new file mode 100644
index 0000000000..6bd4e1c8eb
--- /dev/null
+++ b/kubernetes/vnfsdk/resources/config/configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2017 Huawei Technologies Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE configuration
+PUBLIC "//mybatis.org//DTD Config 3.0//EN"
+"http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+ <environments default="development">
+ <environment id="development">
+ <transactionManager type="JDBC" />
+ <dataSource type="UNPOOLED">
+ <property name="driver" value="org.postgresql.Driver" />
+ <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="username" value="${PG_USER}" />
+ <property name="password" value="${PG_PASSWORD}" />
+ </dataSource>
+ </environment>
+ </environments>
+ <mappers>
+ <mapper resource="mybatis/sql/MarketplaceMapper.xml" />
+ </mappers>
+</configuration>
diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml
index 44d5f41f15..0c39e6e685 100644
--- a/kubernetes/vnfsdk/templates/configmap.yaml
+++ b/kubernetes/vnfsdk/templates/configmap.yaml
@@ -23,4 +23,4 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml
index bd187db286..3f4d6c43eb 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -35,6 +35,25 @@ spec:
spec:
initContainers:
- command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - command:
- /root/ready.py
args:
- --container-name
@@ -54,9 +73,10 @@ spec:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- env:
- - name: POSTGRES_SERVICE_HOST
- value: "$(VNFSDK_DBSET_SERVICE_HOST)"
+ volumes:
+ - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
+ name: init-data
+ subPath: configuration.xml
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -64,3 +84,10 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml
index 2ec7b95772..1d0dd29f59 100644
--- a/kubernetes/vnfsdk/templates/job.yaml
+++ b/kubernetes/vnfsdk/templates/job.yaml
@@ -51,13 +51,15 @@ spec:
image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- name: PGPASSWORD
- value: "{{ .Values.postgres.config.pgUserPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
command:
- /bin/sh
- -c
- |
- psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
+ psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
volumeMounts:
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/kubernetes/vnfsdk/templates/secrets.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/vnfsdk/templates/secrets.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 96cacfbf82..82bef2d4eb 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -22,6 +22,22 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
@@ -50,9 +66,8 @@ postgres:
config:
pgUserName: postgres
pgDatabase: postgres
- pgPrimaryPassword: postgres
- pgUserPassword: postgres
- pgRootPassword: postgres
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
# flag to enable debugging - application support required
debugEnabled: false
@@ -105,6 +120,6 @@ ingress:
service:
- baseaddr: "refrepo"
name: "refrepo"
- port: 97
+ port: 8703
config:
- ssl: "none"
+ ssl: "redirect"