Diffstat (limited to 'kubernetes')
40 files changed, 352 insertions, 60 deletions
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 19250d8f69..9a51839241 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -38,7 +38,7 @@ config: csServiceName: aaf-cass # gerrit branch where the latest aaf/auth/sample/public code exists gerritProject: http://gerrit.onap.org/r/aaf/authz.git - gerritBranch: master + gerritBranch: 2.0.0-ONAP # default number of instances replicaCount: 1 diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml index c1b2c3ccae..b459646a6b 100644 --- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml @@ -46,7 +46,7 @@ spec: - name: KEYSTORE_PASSWORD value: {{ .Values.config.keyStorePassword }} - name: SPARKY_SSL_ENABLED - value: 'true' + value: 'false' - name: SPARKY_PORTAL_ENABLED value: 'false' volumeMounts: @@ -83,13 +83,13 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml index e342a9a688..385cdeabca 100644 --- a/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/templates/service.yaml @@ -21,5 +21,4 @@ spec: {{- end}} selector: app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None + release: {{ .Release.Name }}
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-sparky-be/values.yaml b/kubernetes/aai/charts/aai-sparky-be/values.yaml index c87ec5bf02..65aa79a537 100644 --- a/kubernetes/aai/charts/aai-sparky-be/values.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/values.yaml @@ -25,7 +25,7 @@ config: elasticsearchHttpPort: 9200 keyStorePassword: OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o keystoreAliasPassword: OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o - gerritBranch: master + gerritBranch: 2.0.0-ONAP gerritProject: http://gerrit.onap.org/r/aai/test-config portalUsername: aaiui portalPassword: 1t2v1vfv1unz1vgz1t3b @@ -61,9 +61,10 @@ readiness: periodSeconds: 10 service: - type: ClusterIP + type: NodePort portName: aai-sparky-be internalPort: 9517 + nodePort: 20 internalPort2: 8000 ingress: diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index b9721ae41a..e90f737bff 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -22,6 +22,9 @@ defaults log global mode http option httplog + option ssl-hello-chk + option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http # errorfile 403 /etc/haproxy/errors/403.http 
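Review bot: Switching the aai-sparky-be service to `type: NodePort` with `nodePort: 20` publishes it on every cluster node, and the same commit sets `SPARKY_SSL_ENABLED` to `'false'` in templates/deployment.yaml, so the UI traffic would be reachable from outside the cluster over plain HTTP. If external access is needed for this release, keep TLS enabled on the exposed port, or keep `type: ClusterIP` and publish the service through the `ingress:` block that follows or a TLS-terminating proxy. A comment above `nodePort: 20` such as `# suffix appended to global.nodePortPrefix` would also help, assuming service.yaml builds the port that way; that template line is not in the visible hunks.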
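Review bot: The added `option httpchk` line embeds an `Authorization: Basic` header with a fixed base64 value in a chart resource; base64 is an encoding, not protection, so anyone who can read the repository or the rendered configuration can recover the account and password. Prefer a health endpoint that needs no credentials, or a dedicated low-privilege check account whose value is injected from a Secret at render time rather than committed. Separately, `option ssl-hello-chk` and `option httpchk` both select the check type, and as far as I know HAProxy applies only the last one declared per proxy, so the `ssl-hello-chk` line probably has no effect. The `defaults` section continues outside the hunk.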
@@ -95,7 +98,8 @@ backend IST_Default_8447 balance roundrobin http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}:8447 port 8447 ssl verify none + server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + ####################### # BACKEND 8446######### @@ -105,7 +109,7 @@ backend IST_AAI_8446 balance roundrobin http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}:8446 port 8446 ssl verify none + server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none listen IST_AAI_STATS mode http diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 017d0c282d..b07048e134 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -56,7 +56,7 @@ global: # global defaults # application image dockerhubRepository: registry.hub.docker.com -image: aaionap/haproxy:1.2.3 +image: aaionap/haproxy:1.2.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh new file mode 100755 index 0000000000..544358c1af --- /dev/null +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh 
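Review bot: Both rewritten `server` lines (backend IST_Default_8447 in this hunk and IST_AAI_8446 in the next) keep `ssl verify none`, so the new `check check-ssl` health checks and the proxied traffic accept any certificate presented at that address. Now that the targets are stable `.svc.cluster.local` names, the lines could end in `ssl verify required ca-file CA_BUNDLE_PATH verifyhost SERVICE_FQDN` (both placeholders), provided the AAI services present certificates from a known CA. `resolvers kubernetes` also needs a matching `resolvers kubernetes` section, which is not in the visible hunks, and with `default-server init-addr none` the servers stay down until that resolver answers.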
@@ -0,0 +1,15 @@ +#!/bin/bash -x + +startODL_status=$(ps -e | grep startODL | wc -l) +waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l) +run_level=$(/opt/opendaylight/current/bin/client system:start-level) + + if [ "$run_level" == "Level 100" ] && [ "$startODL_status" -lt "1" ] && [ "$waiting_bundles" -lt "1" ] + then + echo APPC is healthy. + else + echo APPC is not healthy. + exit 1 + fi + +exit 0 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index a990739d55..18a2783c5f 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -55,6 +55,9 @@ APPC_HOME=${APPC_HOME:-/opt/onap/appc} SLEEP_TIME=${SLEEP_TIME:-120} MYSQL_PASSWD=${MYSQL_PASSWD:-{{.Values.config.dbRootPassword}}} ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} +ENABLE_AAF=${ENABLE_AAF:-false} +AAF_EXT_IP=${AAF_EXT_IP:-{{.Values.config.aafExtIP}}} +AAF_EXT_FQDN=${AAF_EXT_FQDN:-{{.Values.config.aafExtFQDN}}} appcInstallStartTime=$(date +%s) @@ -143,8 +146,13 @@ then echo "" >> ${ODL_HOME}/etc/system.properties echo "Copying the aaa shiro configuration into opendaylight" - cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml - + if $ENABLE_AAF + then + echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts + cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml + else + cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml + fi echo "Restarting OpenDaylight" ${ODL_HOME}/bin/stop 
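Review bot: The shebang `#!/bin/bash -x` turns on command tracing in a script that the readiness probe runs every `periodSeconds`, so each probe emits the full trace including the output of the OpenDaylight client calls; drop `-x` unless it is there for debugging. The counts can be taken without the extra `wc` process, e.g. `waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep -c Waiting)`. A short header comment stating the three conditions that define healthy (start level 100, no running startODL process, no bundles in Waiting) would make the probe's contract clear to operators.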
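Review bot: `if $ENABLE_AAF` in the second startODL.sh hunk runs the contents of the variable as a command, so any value other than `true` or `false` arriving through the pod environment is executed by the startup script instead of being rejected; compare the string instead, `if [ "$ENABLE_AAF" = "true" ]`. The `echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts` line appends both values unvalidated each time this branch runs, so an empty or malformed value silently corrupts name resolution; guard it with a non-empty check and skip the append when the entry is already present. The enclosing `then` block starts and ends outside the hunk.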
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml
new file mode 100644
index 0000000000..31bc4e31de
--- /dev/null
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml
@@ -0,0 +1,120 @@ +<?xml version="1.0" ?> +<!-- +### +# ============LICENSE_START======================================================= +# APPC +# ================================================================================ +# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + --> + +<shiro-configuration xmlns="urn:opendaylight:aaa:app:config"> + + <!-- + ================================= TokenAuthRealm ================================== + = = + = Use org.onap.aaf.cadi.shiro.AAFRealm to enable AAF authentication = + = Use org.opendaylight.aaa.shiro.realm.TokenAuthRealm = + =================================================================================== + --> + <main> + <pair-key>tokenAuthRealm</pair-key> +<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> --> + <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value> + </main> + + + <!-- add tokenAuthRealm as the only default realm --> + <main> + <pair-key>securityManager.realms</pair-key> + <pair-value>$tokenAuthRealm</pair-value> + </main> + + <!-- Used to support OAuth2 use case. 
--> + <main> + <pair-key>authcBasic</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value> + </main> + + <!-- in order to track AAA challenge attempts --> + <main> + <pair-key>accountingListener</pair-key> + <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value> + </main> + <main> + <pair-key>securityManager.authenticator.authenticationListeners</pair-key> + <pair-value>$accountingListener</pair-value> + </main> + + <!-- Model based authorization scheme supporting RBAC for REST endpoints --> + <main> + <pair-key>dynamicAuthorization</pair-key> + <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value> + </main> + + + <!-- + =================================================================================== + = URLS = + = For AAF use <pair-value> authcBasic, roles[org.onap.appc.odl|odl-api\*] = + = org.onap.appc.odl|odl-api|* can be replaced with other AAF permissions = + = For default <pair-value> authcBasic, roles[admin] = + =================================================================================== + --> + + <!-- restrict access to some endpoints by default --> + <urls> + <pair-key>/auth/**</pair-key> +<!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, 
roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/restconf/config/aaa-authn-model**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/restconf/operational/aaa-authn-model**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/restconf/operations/cluster-admin**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value> + </urls> + <urls> + <pair-key>/**</pair-key> +<!-- <pair-value>authcBasic, roles[admin]</pair-value> --> + <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + </urls> +</shiro-configuration> + diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index d2da2ec756..791d93393e 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -45,8 +45,9 @@ spec: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.externalPort2 }} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + exec: + command: + - /opt/appc/bin/health_check.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -61,6 +62,8 @@ spec: value: "{{ .Values.config.configDir }}" - name: DMAAP_TOPIC_ENV value: "{{ .Values.config.dmaapTopic }}" + - name: ENABLE_AAF + value: "{{ .Values.config.enableAAF }}" - name: ENABLE_ODL_CLUSTER value: "{{ .Values.config.enableClustering }}" - name: APPC_REPLICAS 
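Review bot: In the `/auth/**` entry the active AAF value is `authcBasic, roles[org.onap.appc.odl|odl-admin|*]`, while the commented default beside it also lists `dynamicAuthorization`; with this file in use the MD-SAL dynamic authorization filter declared above is not applied to any URL, which may be intended but should be stated in a comment. The URLS banner writes the API permission as `odl-api\*` on one line and `odl-api|*` on the next, whereas the catch-all `/**` entry uses `odl-api|*`; correct the banner so operators copy the right string. Every entry relies on `authcBasic`, so the header should also note that the credentials are only protected when the RESTCONF port is served over TLS.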
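Review bot: The new exec readiness probe in statefulset.yaml calls `/opt/appc/bin/health_check.sh`, but the volumeMount added later in the same file places the script at `/opt/onap/appc/bin/health_check.sh`; unless the image links `/opt/appc` to `/opt/onap/appc`, the probe command will not be found and the pod never becomes ready. Point the probe at the mounted path, `- /opt/onap/appc/bin/health_check.sh`. The script also has to be executable inside the container, which depends on the `defaultMode` of the `onap-appc-bin` volume; that definition is outside the visible hunks.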
@@ -81,6 +84,9 @@ spec: - mountPath: /opt/onap/appc/data/properties/aaiclient.properties name: onap-appc-data-properties subPath: aaiclient.properties + - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml + name: onap-appc-data-properties + subPath: aaa-app-config.xml - mountPath: /opt/onap/appc/svclogic/config/svclogic.properties name: onap-appc-svclogic-config subPath: svclogic.properties @@ -93,6 +99,9 @@ spec: - mountPath: /opt/onap/appc/bin/installAppcDb.sh name: onap-appc-bin subPath: installAppcDb.sh + - mountPath: /opt/onap/appc/bin/health_check.sh + name: onap-appc-bin + subPath: health_check.sh - mountPath: /opt/onap/ccsdk/data/properties/dblib.properties name: onap-sdnc-data-properties subPath: dblib.properties diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 4b47c63a42..1c20977b90 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/appc-image:1.3.0 +image: onap/appc-image:1.4.0-SNAPSHOT-latest pullPolicy: Always # flag to enable debugging - application support required @@ -37,7 +37,10 @@ debugEnabled: false # application configuration config: + aafExtIP: 127.0.0.1 + aafExtFQDN: aaf-onap-beijing-test.osaaf.org dbRootPassword: openECOMP1.0 + enableAAF: false enableClustering: true configDir: /opt/onap/appc/data/properties dmaapTopic: SUCCESS diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index dc3980de21..82eeec5e61 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties 
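Review bot: `image: onap/appc-image:1.4.0-SNAPSHOT-latest` together with `pullPolicy: Always` means the deployed code is whatever was last pushed under that tag, which is at odds with the rest of this commit pinning branches to `2.0.0-ONAP`. Use a fixed release tag, ideally with a digest (`onap/appc-image:RELEASE_TAG@sha256:DIGEST`, placeholders), so a rollout is reproducible and a replaced image cannot enter the cluster unnoticed. In the config hunk that follows, `aafExtIP: 127.0.0.1` would be written to `/etc/hosts` by startODL.sh once `enableAAF` is set to true, so a comment stating that `aafExtIP` and `aafExtFQDN` must both be overridden before enabling AAF would help.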
@@ -2,4 +2,4 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl org.onap.ccsdk.sli.jdbc.database=sdnctl org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh index 76d17700b0..961792be3f 100755 --- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh +++ b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh @@ -19,7 +19,7 @@ dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}" dbPort="3306" dbName="sdnctl" dbUser="sdnctl" -dbPassword="gamma" +dbPassword="{{.Values.config.dbSdnctlPassword}}" gitLocalRepository="$4" lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1) @@ -99,7 +99,7 @@ then echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.password=gamma" >>$svclogicPropFile + echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile fi if [ ! -e "${appDir}/flowShareUsers.js" ] then diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/scripts/customSettings.js index 22810baabd..e3349b9d5a 100644 --- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/scripts/customSettings.js 
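Review bot: In createReleaseDir.sh, `dbPassword="{{.Values.config.dbSdnctlPassword}}"` substitutes the value into a double-quoted shell string before the script runs, so a password containing `$`, a backtick, `\` or `"` is expanded or breaks the assignment; the same unescaped substitution goes into the `echo "org.onap.ccsdk.sli.jdbc.password=..."` line in the next hunk and into the JS and JSON strings in customSettings.js and admportal.json. Render the shell value in single quotes, `dbPassword='{{ .Values.config.dbSdnctlPassword }}'`, and document in values.yaml which characters the password may contain; for the JS and JSON files, `{{ .Values.config.dbSdnctlPassword | toJson }}` without the surrounding quotes gives correct escaping. These files live under resources/ and are presumably rendered into a ConfigMap, in which case the password is readable by anyone who can read ConfigMaps in the namespace and a Secret would be the better carrier.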
@@ -27,25 +27,25 @@ module.exports={ "userDir": "releases/sdnc1.0", "httpAuth": { "user": "dguser", - "pass": "cc03e747a6afbbcbf8be7668acfebee5" + "pass": "{{.Values.config.dgUserPassword}}" }, "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}", "dbPort": "3306", "dbName": "sdnctl", "dbUser": "sdnctl", - "dbPassword": "gamma", + "dbPassword": "{{.Values.config.dbSdnctlPassword}}", "gitLocalRepository": "", "httpRoot": "/", "disableEditor": false, "httpAdminRoot": "/", "httpAdminAuth": { "user": "dguser", - "pass": "cc03e747a6afbbcbf8be7668acfebee5" + "pass": "{{.Values.config.dgUserPassword}}" }, "httpNodeRoot": "/", "httpNodeAuth": { "user": "dguser", - "pass": "cc03e747a6afbbcbf8be7668acfebee5" + "pass": "{{.Values.config.dgUserPassword}}" }, "uiHost": "0.0.0.0", "version": "0.9.1", diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index e2d0c10709..759b940aea 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -42,9 +42,11 @@ debugEnabled: false # application configuration config: dbRootPassword: openECOMP1.0 + dbSdnctlPassword: gamma dbPodName: mysql-db dbServiceName: sdnc-dbhost - + # MD5 hash of dguser password ( default: test123 ) + dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 # default number of instances replicaCount: 1 diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml index d6a8c2c03c..b2b454d8bc 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml 
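Review bot: The new defaults in dgbuilder/values.yaml, `dbSdnctlPassword: gamma` and `dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5`, keep working credentials in the chart, and the added comment `( default: test123 )` publishes the plaintext behind the hash, so every install that does not override them is reachable with known passwords. Consider leaving both values empty and failing the render when they are unset, e.g. `{{ required "config.dgUserPassword must be set" .Values.config.dgUserPassword }}` in the templates that consume them, and drop the plaintext from the comment. The comment also says the value is an MD5 hash; whether the dgbuilder settings format accepts a stronger hash cannot be confirmed from this diff, but it is worth recording here if it does.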
@@ -43,7 +43,7 @@ debugEnabled: false # application configuration config: # gerrit branch where the latest code is checked in - gerritBranch: master + gerritBranch: 2.0.0-ONAP # gerrit project where the latest code is checked in gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml index a71b14a046..3810cdfe57 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml @@ -39,7 +39,7 @@ debugEnabled: false # application configuration config: # gerrit branch where the latest code is checked in - gerritBranch: master + gerritBranch: 2.0.0-ONAP # gerrit project where the latest code is checked in gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/charts/drools/charts/nexus/values.yaml index 03a03cc198..add7a7c7be 100644 --- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml +++ b/kubernetes/policy/charts/drools/charts/nexus/values.yaml @@ -46,14 +46,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 180 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 60 periodSeconds: 10 path: /nexus/service/local/status diff --git a/kubernetes/policy/charts/mariadb/values.yaml b/kubernetes/policy/charts/mariadb/values.yaml index 7703234a66..a3dd7676a4 100644 --- a/kubernetes/policy/charts/mariadb/values.yaml +++ b/kubernetes/policy/charts/mariadb/values.yaml 
@@ -45,14 +45,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 120 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 120 periodSeconds: 10 ## Persist data to a persitent volume diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml index f242c41e05..5500163ba7 100644 --- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml +++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml @@ -33,21 +33,16 @@ limitations under the License. ============LICENSE_END============================================ - - ECOMP is a trademark and service mark of AT&T Intellectual Property. --> <!DOCTYPE xml> <configuration scan="true" scanPeriod="3 seconds" debug="true"> - <!-- Log-back files for the ECOMP Portal are created in directory - ${catalina.base}/logs/${componentName}; e.g., apache-tomcat-8.0.35/logs/onapportal/application.log --> - <!--<jmxConfigurator /> --> <!-- specify the component name --> <property name="componentName" value="onapportal"></property> <!-- specify the base path of the log directory --> - <property name="logDirPrefix" value="${catalina.base}/logs"></property> + <property name="logDirPrefix" value="/var/log/onap"></property> <!-- The directories where logs are written --> <property name="logDirectory" value="${logDirPrefix}/${componentName}" /> diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml index 49fc36f3a8..fe41734ea7 100644 --- a/kubernetes/portal/charts/portal-mariadb/values.yaml 
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml @@ -48,7 +48,7 @@ config: # application's front end hostname. Must be resolvable on the client side environment vidHostName: "vid.api.simpledemo.onap.org" # aai sparky ui assignment for port 8080 - aaiSparkyPort: "" # TODO: populate with + aaiSparkyPort: "30220" # application's front end hostname. Must be resolvable on the client side environment aaiSparkyHostName: "aai.api.sparky.simpledemo.onap.org" # cli ui assignment for port 8080 diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml index 864a8b9250..d1465c5f4e 100644 --- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml +++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml @@ -34,19 +34,13 @@ ============LICENSE_END============================================ - ECOMP is a trademark and service mark of AT&T Intellectual Property. --> <configuration scan="true" scanPeriod="3 seconds" debug="true"> - <!-- - Logback files for the ONAP Portal SDK Application - are created in directory ${catalina.base}/logs/${componentName} - e.g., apache-tomcat-8.0.35/logs/onapsdk/application.log - --> <!--<jmxConfigurator /> --> <!-- specify the component name --> <property name="componentName" value="onapsdk"></property> <!-- specify the base path of the log directory --> - <property name="logDirPrefix" value="${catalina.base}/logs"></property> + <property name="logDirPrefix" value="/var/log/onap"></property> <!-- The directories where logs are written --> <property name="logDirectory" value="${logDirPrefix}/${componentName}" /> <!-- Can easily relocate debug logs by modifying this path. --> @@ -223,4 +217,4 @@ <root level="DEBUG"> <appender-ref ref="asyncEELF" /> </root> -</configuration>
\ No newline at end of file +</configuration> diff --git a/kubernetes/portal/docker/init/mariadb-client/Dockerfile b/kubernetes/portal/docker/init/mariadb-client/Dockerfile index 009f2fa757..e64b1e2d87 100644 --- a/kubernetes/portal/docker/init/mariadb-client/Dockerfile +++ b/kubernetes/portal/docker/init/mariadb-client/Dockerfile @@ -1,6 +1,6 @@ FROM boxfuse/flyway:5.0.7-alpine -ARG branch=master +ARG branch=2.0.0-ONAP ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST" # Setup Corporate proxy ENV https_proxy ${HTTP_PROXY} diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py index 261d345c84..62f0b630a2 100755 --- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py @@ -12,7 +12,7 @@ GLOBAL_INJECTED_DCAE_IP_ADDR = "dcae-healthcheck.{{include "common.namespace" .} GLOBAL_INJECTED_DNS_IP_ADDR = "N/A" GLOBAL_INJECTED_DOCKER_VERSION = "1.2-STAGING-latest" GLOBAL_INJECTED_EXTERNAL_DNS = "N/A" -GLOBAL_INJECTED_GERRIT_BRANCH = "master" +GLOBAL_INJECTED_GERRIT_BRANCH = "2.0.0-ONAP" GLOBAL_INJECTED_LOG_ELASTICSEARCH_IP_ADDR = "log-es.{{include "common.namespace" .}}" GLOBAL_INJECTED_LOG_KIBANA_IP_ADDR = "log-kibana.{{include "common.namespace" .}}" GLOBAL_INJECTED_LOG_LOGSTASH_IP_ADDR = "log-ls-http.{{include "common.namespace" .}}" @@ -67,7 +67,7 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_DNS_IP_ADDR" : "N/A", "GLOBAL_INJECTED_DOCKER_VERSION" : "1.2-STAGING-latest", "GLOBAL_INJECTED_EXTERNAL_DNS" : "N/A", - "GLOBAL_INJECTED_GERRIT_BRANCH" : "master", + "GLOBAL_INJECTED_GERRIT_BRANCH" : "2.0.0-ONAP", "GLOBAL_INJECTED_KEYSTONE" : "{{ .Values.openStackKeyStoneUrl }}", "GLOBAL_INJECTED_LOG_ELASTICSEARCH_IP_ADDR" : "log-es.{{include "common.namespace" .}}", "GLOBAL_INJECTED_LOG_KIBANA_IP_ADDR" : "log-kibana.{{include "common.namespace" .}}", 
diff --git a/kubernetes/robot/templates/deployment.yaml b/kubernetes/robot/templates/deployment.yaml index 0b658093bf..e5cc1d3a0f 100644 --- a/kubernetes/robot/templates/deployment.yaml +++ b/kubernetes/robot/templates/deployment.yaml @@ -77,12 +77,14 @@ spec: subPath: sdngc_interface.robot - name: robot-resources mountPath: /var/opt/OpenECOMP_ETE/robot/resources/oof_interface.robot - subPath: oof_interface.robot + subPath: oof_interface.robot - name: robot-lighttpd-authorization mountPath: /etc/lighttpd/authorization subPath: authorization - name: demodir mountPath: /share + - name: robot-logs + mountPath: /share/logs resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} @@ -94,6 +96,13 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: + {{- if .Values.persistence.enabled }} + - name: robot-logs + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/robot/templates/pv.yaml b/kubernetes/robot/templates/pv.yaml new file mode 100644 index 0000000000..184728f8ad --- /dev/null +++ b/kubernetes/robot/templates/pv.yaml 
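Review bot: In the added `volumes:` block the `- name: robot-logs` line sits inside the `{{- if .Values.persistence.enabled }}` branch, so with persistence disabled the `{{- else }}` branch renders a bare `emptyDir: {}` with no list item or name while the container still mounts `robot-logs` at `/share/logs`, and the manifest is invalid. Move `- name: robot-logs` above the `{{- if` so that both branches supply only the volume source. `claimName` is always `{{ include "common.fullname" . }}`, yet pv.yaml and pvc.yaml are skipped when `persistence.existingClaim` is set, so an existing claim is never referenced; `claimName: {{ .Values.persistence.existingClaim | default (include "common.fullname" .) }}` would cover that case.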
@@ -0,0 +1,37 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} diff --git a/kubernetes/robot/templates/pvc.yaml b/kubernetes/robot/templates/pvc.yaml new file mode 100644 index 0000000000..e27c3311e9 --- /dev/null +++ b/kubernetes/robot/templates/pvc.yaml 
@@ -0,0 +1,48 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + name: {{ include "common.fullname" . }} + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index cc81b9d110..aea67c84aa 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -18,6 +18,7 @@ global: # global defaults nodePortPrefix: 302 ubuntuInitRepository: registry.hub.docker.com + persistence: {} # application image repository: nexus3.onap.org:10001 
@@ -38,7 +39,7 @@ config: # Password of the lighthttpd server. Used for HTML auth for webpage access lightHttpdPassword: robot # gerrit branch where the latest heat code is checked in - gerritBranch: master + gerritBranch: 2.0.0-ONAP # gerrit project where the latest heat code is checked in gerritProject: http://gerrit.onap.org/r/demo.git @@ -79,7 +80,7 @@ openStackPrivateNetCidr: "10.0.0.0/8" openStackOamNetworkCidrPrefix: "10.0" # Override with Pub Key for access to VNF vnfPubKey: "FILL_IN_WITH_PUB_KEY" -# Override with DCAE VES Collector external IP +# Override with DCAE VES Collector external IP dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP" # default number of instances @@ -133,3 +134,26 @@ resources: {} # requests: # cpu: 2 # memory: 4Gi + +## Persist data to a persitent volume +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: robot/logs
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index f69ae0ff80..ca708937ee 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 + initialDelaySeconds: 180 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json index f6d202ef09..a6950fdd70 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json @@ -36,7 +36,7 @@ "dbFabricPassword": "admin", "dbFabricDB": "mysql", "dbUser": "sdnctl", - "dbPassword": "gamma", + "dbPassword": "{{.Values.config.dbSdnctlPassword}}", "dbName": "sdnctl", "odlProtocol": "http", "odlHost": "sdnc.{{.Release.Namespace}}", diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties index 9e4c88a879..68357baae6 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties @@ -22,7 +22,7 @@ org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.mysql.service.name}}.{{.Relea org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver org.onap.ccsdk.sli.jdbc.database=sdnctl org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 
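Review bot: The `persistence` block added at the end of robot/values.yaml sets `volumeReclaimPolicy: Retain` on what pv.yaml renders as a hostPath volume, but nothing tells operators that the data outlives the release. The robot logs stay under `/dockerdata-nfs/<release>/robot/logs` after the release is deleted, and the PersistentVolume has to be cleaned up by hand before it can be bound again. A comment next to `volumeReclaimPolicy` should say so, since test logs may hold credentials (not verifiable from this hunk). The header comment has a typo and should read `## Persist data to a persistent volume`, and the file now ends without a trailing newline.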
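Review bot: Replacing the literal `gamma` with `{{.Values.config.dbSdnctlPassword}}` in admportal.json makes the password configurable but not secret: the rendered file still carries it in clear text. If these resources/config files are loaded into a ConfigMap (the consuming template is not visible here), anyone who can read ConfigMaps in the namespace can read it. The same applies to the dblib.properties and svclogic.properties hunks for sdnc-portal and sdnc in this commit, and `"dbFabricPassword": "admin"` on the context line above stays hard-coded. The value is also placed between JSON quotes unescaped, so a password containing `"` or `\` yields invalid JSON; `"dbPassword": {{ .Values.config.dbSdnctlPassword | toJson }},` avoids that. Reading the value from the new `-sdnctl` Secret, as statefulset.yaml does for `SDNC_DB_PASSWORD`, would keep it out of the config files.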
diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties index e0e3295735..cc13a9d707 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties @@ -2,4 +2,4 @@ org.openecomp.sdnctl.sli.dbtype = jdbc org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/sdnctl org.openecomp.sdnctl.sli.jdbc.database = sdnctl org.openecomp.sdnctl.sli.jdbc.user = sdnctl -org.openecomp.sdnctl.sli.jdbc.password = gamma
\ No newline at end of file +org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 index e665a56d75..c75c603f22 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 @@ -2,4 +2,4 @@ org.openecomp.sdnctl.sli.dbtype = jdbc org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/sdnctl org.openecomp.sdnctl.sli.jdbc.database = sdnctl org.openecomp.sdnctl.sli.jdbc.user = sdnctl -org.openecomp.sdnctl.sli.jdbc.password = gamma
\ No newline at end of file +org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index e741db312a..147d391041 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -37,6 +37,7 @@ debugEnabled: false config: mysqlChartName: sdnc-db dbRootPassword: openECOMP1.0 + dbSdnctlPassword: gamma sdncChartName: sdnc configDir: /opt/onap/sdnc/data/properties odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U @@ -50,7 +51,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 + initialDelaySeconds: 180 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties index 362726a6d8..dd2bcabcc5 100644 --- a/kubernetes/sdnc/resources/config/conf/dblib.properties +++ b/kubernetes/sdnc/resources/config/conf/dblib.properties @@ -22,7 +22,7 @@ org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.mysql.service.name}}.{{.Relea org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver org.onap.ccsdk.sli.jdbc.database=sdnctl org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties index 99f6cf84b7..e564012c8f 100644 --- a/kubernetes/sdnc/resources/config/conf/svclogic.properties +++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties 
@@ -23,5 +23,5 @@ org.onap.ccsdk.sli.dbtype = jdbc org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.mysql.service.name}}.{{.Release.Namespace}}:{{.Values.mysql.service.internalPort}}/sdnctl org.onap.ccsdk.sli.jdbc.database = sdnctl org.onap.ccsdk.sli.jdbc.user = sdnctl -org.onap.ccsdk.sli.jdbc.password = gamma +org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}} diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml index 754f117e38..a900132c31 100644 --- a/kubernetes/sdnc/templates/secrets.yaml +++ b/kubernetes/sdnc/templates/secrets.yaml @@ -25,3 +25,17 @@ metadata: type: Opaque data: odl-password: {{ .Values.config.odlPassword | b64enc | quote }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-sdnctl + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 69816dffb4..03ae8800bd 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -74,6 +74,11 @@ spec: secretKeyRef: name: {{ template "common.fullname" . }}-odl key: odl-password + - name: SDNC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-sdnctl + key: db-sdnctl-password - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" - name: ENABLE_ODL_CLUSTER diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 58adf48f99..0c602e50cd 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml 
@@ -40,6 +40,7 @@ debugEnabled: false config: odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U dbRootPassword: openECOMP1.0 + dbSdnctlPassword: gamma enableClustering: true binDir: /opt/onap/sdnc/bin geoEnabled: false @@ -83,6 +84,7 @@ sdnc-portal: mysqlChartName: sdnc-db configDir: /opt/onap/sdnc/data/properties dbRootPassword: openECOMP1.0 + dbSdnctlPassword: gamma odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U sdnc-ansible-server: @@ -112,6 +114,8 @@ dgbuilder: dbPodName: sdnc-db dbServiceName: sdnc-dbhost dbRootPassword: openECOMP1.0 + dbSdnctlPassword: gamma + dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 service: name: sdnc-dgbuilder nodePort: "03" diff --git a/kubernetes/so/charts/mariadb/values.yaml b/kubernetes/so/charts/mariadb/values.yaml index a46b31a44e..693e3dd689 100644 --- a/kubernetes/so/charts/mariadb/values.yaml +++ b/kubernetes/so/charts/mariadb/values.yaml @@ -32,7 +32,7 @@ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 config: mariadbRootPassword: password # gerrit branch where the latest heat code is checked in - gerritBranch: master + gerritBranch: 2.0.0-ONAP # gerrit project where the latest heat code is checked in gerritProject: http://gerrit.onap.org/r/so/docker-config.git |
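Review bot: `dbSdnctlPassword: gamma` is committed as a working default in all three sdnc/values.yaml hunks (under `config`, `sdnc-portal` and `dgbuilder`) and again in sdnc-portal/values.yaml. Any install that does not override every copy runs with a publicly known database password, and an override applied to only one copy leaves the components disagreeing. I would define it once (for example under `global`), leave it empty in the chart, and have secrets.yaml refuse to render without it: `db-sdnctl-password: {{ required "config.dbSdnctlPassword must be set" .Values.config.dbSdnctlPassword | b64enc | quote }}`. `dgUserPassword` is added beside it without a comment; if the 32-hex-character value is a hash the consumer expects, say which algorithm, otherwise it is one more shared default that deployers need to replace.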