diff options
Diffstat (limited to 'kubernetes')
133 files changed, 1497 insertions, 2923 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile index 3f41c3cc4b..7150f10c1f 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -20,6 +20,12 @@ OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +ifneq ($(SKIP_LINT),TRUE) + HELM_LINT_CMD := helm lint +else + HELM_LINT_CMD := echo "Skipping linting of" +endif + SUBMODS := robot aai EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS) HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART) @@ -55,7 +61,7 @@ dep-%: make-% @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 2bd05d81ed..4078fb3c22 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -63,7 +63,7 @@ ingress: resources: small: limits: - cpu: 20m + cpu: 400m memory: 300Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index ce59d2dec9..74638d17a8 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -63,7 +63,7 @@ ingress: resources: small: limits: - cpu: 40m + cpu: 100m memory: 320Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index 2de7466209..41bde75677 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -89,9 +89,9 @@ resources: small: limits: cpu: 100m - memory: 15Mi + memory: 30Mi requests: - cpu: 10m + cpu: 25m memory: 10Mi large: limits: diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 764cd8514707c1630dbfa6792b8d15953d5b9a5 +Subproject 23f076495d36081f34a367067918d15fcc5ada8 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml new file mode 100755 index 0000000000..3a3a1ce095 --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml @@ -0,0 +1,35 @@ +hazelcast: + cp-subsystem: + cp-member-count: {{ .Values.replicaCount }} + group-size: {{ .Values.cluster.groupSize }} + session-time-to-live-seconds: 10 + session-heartbeat-interval-seconds: 5 + missing-cp-member-auto-removal-seconds: 120 + fail-on-indeterminate-operation-state: false + raft-algorithm: + leader-election-timeout-in-millis: 2000 + leader-heartbeat-period-in-millis: 5000 + max-missed-leader-heartbeat-count: 5 + append-request-max-entry-count: 50 + commit-index-advance-count-to-snapshot: 1000 + uncommitted-entry-count-to-reject-new-appends: 100 + append-request-backoff-timeout-in-millis: 100 + network: + enabled: true + rest-api: + enabled: true + endpoint-groups: + HEALTH_CHECK: + enabled: true + CP: + enabled: true + join: + multicast: + enabled: false + kubernetes: + enabled: true + namespace: {{ include "common.namespace" . }} + service-name: {{ include "common.servicename" . }}-cluster + resolve-not-ready-addresses: true + # service-label-name: MY-SERVICE-LABEL-NAME + # service-label-value: MY-SERVICE-LABEL-VALUE diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index a90e4d7b68..749e9a4637 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -24,6 +24,18 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + # This allow a new pod to be ready before terminating the old one + # causing no downtime when replicas is set to 1 + maxUnavailable: 0 + + # maxSurge to 1 is very important for the hazelcast integration + # we only want one pod at a time to restart not multiple + # and break the hazelcast cluster. We should not use % maxSurge value + # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/ + maxSurge: 1 template: metadata: labels: @@ -56,9 +68,23 @@ spec: env: - name: APP_CONFIG_HOME value: {{ .Values.config.appConfigDir }} + - name: USE_SCRIPT_COMPILE_CACHE + value: {{ .Values.config.useScriptCompileCache | quote }} + # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly + - name: CLUSTER_ENABLED + value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} + - name: CLUSTER_ID + value: {{ .Values.cluster.clusterName }} + - name: CLUSTER_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CLUSTER_CONFIG_FILE + value: {{ .Values.config.appConfigDir }}/hazelcast.yaml ports: - containerPort: {{ .Values.service.http.internalPort }} - containerPort: {{ .Values.service.grpc.internalPort }} + - containerPort: {{ .Values.service.cluster.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -93,6 +119,9 @@ spec: - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml + - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml + name: {{ include "common.fullname" . }}-config + subPath: hazelcast.yaml - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer name: {{ include "common.fullname" . }}-config @@ -122,6 +151,8 @@ spec: path: application.properties - key: logback.xml path: logback.xml + - key: hazelcast.yaml + path: hazelcast.yaml - key: ONAP_RootCA.cer path: ONAP_RootCA.cer - name: {{ include "common.fullname" . }}-blueprints diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml index 411df8631c..a6a21a6a01 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml @@ -56,3 +56,27 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-cluster + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.cluster.type }} + ports: + - port: {{ .Values.service.cluster.externalPort }} + targetPort: {{ .Values.service.cluster.internalPort }} + {{- if eq .Values.service.cluster.type "NodePort"}} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }} + {{- end}} + name: {{ .Values.service.cluster.portName | default "cluster" }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 781b5383fe..35661c29e9 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -47,6 +47,7 @@ debugEnabled: false # application configuration config: appConfigDir: /opt/app/onap/config + useScriptCompileCache: true # default number of instances replicaCount: 1 @@ -85,6 +86,11 @@ service: portName: blueprints-processor-grpc internalPort: 9111 externalPort: 9111 + cluster: + type: ClusterIP + portName: blueprints-processor-cluster + internalPort: 5701 + externalPort: 5701 persistence: volumeReclaimPolicy: Retain @@ -94,6 +100,17 @@ persistence: mountSubPath: cds/blueprints/deploy deployedBlueprint: /opt/app/onap/blueprints/deploy +cluster: + # Cannot have cluster enabled if the replicaCount is not at least 3 + # AND config value useScriptCompileCache is not set to false + enabled: false + + clusterName: cds-cluster + + # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be + # between 3 and 7 only. + groupSize: 3 + ingress: enabled: false service: diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index 26affe600c..e4deab0e15 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml @@ -1,4 +1,5 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +--- +# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,24 @@ # The default name is elasticsearch, but you should change it to an appropriate name which describes the # purpose of the cluster. # -cluster.name: "clamp-dashboard" -# -# The port that other nodes in the cluster should use when communicating with this node. -# Required for Elasticsearch's nodes running on different cluster nodes. -# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html -#transport.publish_port:$transport.publish_port -# -# The host address to publish for nodes in the cluster to connect to. -# Required for Elasticsearch's nodes running on different cluster nodes. -# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html -#transport.publish_host:$transport.publish_host +## Default Elasticsearch configuration from elasticsearch-docker. +## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/ # -# ------------------------------------ Node ------------------------------------ -# -# It is better to provide different meaningfull names fot different elastic nodes. -# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id. -# Note that the node id is persisted and does not change when a node restarts + +cluster.name: "clamp-dashboard" +node.name: "cldash-es-node1" +# ---------------------------------- Network ----------------------------------- # -#node.name: $node.name +# Set the bind address to a specific IP (IPv4 or IPv6): +# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a +# non-loopback address. +network.host: 0.0.0.0 # -# Add custom attributes to the node: +# Set a custom port for HTTP: If required, default is 9200-9300 # -#node.attr.rack: r1 +#http.port: $http.port # +# For more information, consult the network module documentation. # ----------------------------------- Paths ------------------------------------ # # The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma. @@ -78,19 +73,6 @@ bootstrap.memory_lock: false # # Elasticsearch performs poorly when the system is swapping the memory. # -# ---------------------------------- Network ----------------------------------- -# -# Set the bind address to a specific IP (IPv4 or IPv6): -# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a -# non-loopback address. -network.host: 0.0.0.0 -# -# Set a custom port for HTTP: If required, default is 9200-9300 -# -#http.port: $http.port -# -# For more information, consult the network module documentation. -# # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started @@ -98,24 +80,16 @@ network.host: 0.0.0.0 # that are likely to be live and contactable. # By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try # to connect to other nodes running on the same server. -# -#$discovery.zen.ping.unicast.hosts -# -# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes -# available. Only then will an election take place. -# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): +# # minimum_master_nodes need to be explicitly set when bound on a public IP +# # set to 1 to allow single node clusters +# # Details: https://github.com/elastic/elasticsearch/pull/17288 discovery.zen.minimum_master_nodes: 1 -# -# For more information, consult the zen discovery module documentation. -# -# ---------------------------------- Gateway ----------------------------------- -# -# Block initial recovery after a full cluster restart until N nodes are started: -# -#gateway.recover_after_nodes: 3 -# -# For more information, consult the gateway module documentation. -# +discovery.seed_hosts: [] +# # Breaking change in 7.0 +# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes +cluster.initial_master_nodes: + - cldash-es-node1 +# - docker-test-node-1 # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: @@ -129,26 +103,26 @@ http.port: {{.Values.service.externalPort}} # Defaults to 9300-9400. # More info: transport.tcp.port: {{.Values.service.externalPort2}} -#xpack.graph.enabled: false -#Set to false to disable X-Pack graph features. -#xpack.ml.enabled: false -#Set to false to disable X-Pack machine learning features. -#xpack.monitoring.enabled: false -#Set to false to disable X-Pack monitoring features. +######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## +# WARNING: revise all the lines below before you go into production +opendistro_security.ssl.transport.pemcert_filepath: esnode.pem +opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem +opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} +opendistro_security.ssl.http.pemcert_filepath: esnode.pem +opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem +opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +opendistro_security.allow_unsafe_democertificates: true +opendistro_security.allow_default_init_securityindex: true +opendistro_security.authcz.admin_dn: + - CN=kirk,OU=client,O=client,L=test, C=de -#xpack.watcher.enabled: false -#Set to false to disable Watcher. - -#xpack.license.self_generated.type: basic -#xpack.security.enabled: false - -## Search Guard -# -searchguard.enterprise_modules_enabled: false -searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks -searchguard.ssl.transport.truststore_filepath: sg/truststore.jks -searchguard.ssl.transport.enforce_hostname_verification: false - -searchguard.authcz.admin_dn: - - "CN=kirk,OU=client,O=client,l=tEst,C=De" +opendistro_security.audit.type: internal_elasticsearch +opendistro_security.enable_snapshot_restore_privilege: true +opendistro_security.check_snapshot_restore_write_privileges: true +opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 +######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml index 8060a35b43..58ff107568 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml @@ -73,12 +73,14 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} env: volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index 2d67048844..ae7abd5ec4 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:4.1.1 +image: onap/clamp-dashboard-elasticsearch:5.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -51,15 +51,17 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 180 + periodSeconds: 30 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 180 + periodSeconds: 30 + timeoutSeconds: 5 ## Persist data to a persitent volume persistence: @@ -83,6 +85,10 @@ persistence: mountSubPath: clamp/dashboard-elasticsearch/data mountSubPathLogs: clamp +security: + ssl: + enabled: true + service: type: ClusterIP name: cdash-es diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem deleted file mode 100644 index ce630d4354..0000000000 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.crt.pem +++ /dev/null @@ -1,30 +0,0 @@ -Bag Attributes - friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33 -subject=/CN=clamp/emailAddress=/OU=clamp@clamp.onap.org/OU=OSAAF/O=ONAP/C=US -issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9 ------BEGIN CERTIFICATE----- -MIIEKDCCAxCgAwIBAgIIWY+5kgf/UG4wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyMTE2MTY1OFoXDTIwMDMyMTE2MTY1OFow -bDEOMAwGA1UEAwwFY2xhbXAxDzANBgkqhkiG9w0BCQEWADEdMBsGA1UECwwUY2xh -bXBAY2xhbXAub25hcC5vcmcxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALic -uDccBjOAlOsL1Z1nKnDPRTNxBwIVfARRQDxK3C0zDHQ5qEmIQlF0Vjp+bJ2rgzMW -BnodC38zt1jSXymEsekZNV2sUyBbzJl6vxvA1xJKI9VHLyPSzyUEd1H4qh8b7IDX -3GDqUJgNfvzJ94DaNnnYWFVZq/IYdLjCFaXDxPUQZtlmpdkIWBzvMeNRe4bWajau -immkmSi5/2BYQfZXHXpiKiyBnN+1FbU3consmjNwS1L+PjD+k3JLsc5ANZYZMOTp -Szhu3xmDiB3UV4gPQWacQQZEo/5exywY3Ax3TowGwIA660eSkW1L5RPdyvzEgp7A -vu4+rbhfeR5bXjy2iAUCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE -AwIF4DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0w -S4AUgfeZWxC5yIze81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0w -CwYDVQQKDARPTkFQMQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQU+GZ6wmWDPrmq -Wd1/NtMYiCQ8Dg4wOwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVk -ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFZdhB -U6xm6l0vj4q89onLx4opTPvwGNRc0n402lifkPYXseFtphZSHIf2Sg0mFTH4KHb4 -FdMyBzq1+f5WLU+xRC1nT4eGJ0FvRR6204/fGVrzJTS67phnRnxr2WZzLPW0wPJe -K8SzN6tkUgE7/a/s0T/htE/blDxWh75+tA2jQlgj1Ri0y9A1J8wx++REKjGlHjFN -53aiipsB+wC/oEMzYL4qEPiYPI0Lr3Lsay1F7f6cvDT4+EYzBLMFuwCvpcnHgSMS -4fFj2ROmUG2+CC23B88Q0WNxjLPq/CrmHZZBsqwruPJ0cSuCQxfshTQ6uZhcjtu8 -6TRYkIcL0x9r/AHP ------END CERTIFICATE----- diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem b/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem deleted file mode 100644 index fcf68bfa23..0000000000 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/certs/org.onap.clamp.key.pem +++ /dev/null @@ -1,32 +0,0 @@ -Bag Attributes - friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33 -Key Attributes: <No Attributes> ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4nLg3HAYzgJTr -C9WdZypwz0UzcQcCFXwEUUA8StwtMwx0OahJiEJRdFY6fmydq4MzFgZ6HQt/M7dY -0l8phLHpGTVdrFMgW8yZer8bwNcSSiPVRy8j0s8lBHdR+KofG+yA19xg6lCYDX78 -yfeA2jZ52FhVWavyGHS4whWlw8T1EGbZZqXZCFgc7zHjUXuG1mo2ropppJkouf9g -WEH2Vx16YiosgZzftRW1N3KJ7JozcEtS/j4w/pNyS7HOQDWWGTDk6Us4bt8Zg4gd -1FeID0FmnEEGRKP+XscsGNwMd06MBsCAOutHkpFtS+UT3cr8xIKewL7uPq24X3ke -W148togFAgMBAAECggEATncV+R5pKFS7dteV2IvzxvTh1cZxkxoslu0t3zJ2OKPc -5D1pYK+QeGx5Be2cHru6TOlMoXRc4ZjKke8AUXY74/Y573GB91vtL0KznYkuIHDw -oALcb153eqVWTbniHMzSjcSxv2N4E9iQo8L39oVI6CrjCIvPgFuSqMCdUNJPkVTI -4nsarTfLK4fzi7IbWzi9JdE1QRNIxcCMcYJRnLZMdneMLBleR0UL82Xc2KOy5SEt -zyKYCQ8zS247FKolnOrDkhKxXI5fzdDpRK5AQSsAykUPWlYq7pzKjY/dU9rMRohx -YSltFjPZ3sQ3UKqqIqhZS+GoVuZoc925WyhViPsqtQKBgQDsL4LFfPWN8nnsusQp -VR3T7HvvwXuEVAydlaJMwZU0cRYN+L7RHHjDoXZZrNJDIDzNoWnBLKRGx3mtLmgJ -9Pa6SxN6Oc8oo6jzv2D59g1PVjNOMOYTCTb/2Xum4LMLaeeF57HkWxzeA3Ws47++ -gXwzQpbE90tp1Ys4uXD3JoivvwKBgQDIGZTwLGhLSegdAjG83WEgmdtzT1kjvx0Q -A8IR2jkgkTJHdKiuslJ8Z3/XufHEwWMWwfs1XLwxYluoo1y9eNvNeHZXjLqjL62c -I3034F9IvvTUqFcxam2WdoklXbAiSvLUo/9exPgOuVxok6Zv1imRgGb/vYV9vyG7 -86MRuQu5OwKBgQC9E3fcA6JMpY3H3uhEsngzfMDm+fyYvfRvfyezzNFWbyWZv8V6 -gBGJg0vMlFarGDa044BW/hbw9qXI5zqwpeOS1aFdGsRlo0cRAuduk/Spy7c85FZ7 -bMgT4BZmTMHo5DpNb2NxDSO59AkThCuvJde47ZjnS5WavzI6EfKGWNnZ3wKBgQCF -QiwjCp/mS/DtqLFxAsmVSYGROG231aXILYiIFRloa+ndFn7j4NP4D4FfLHErRFL2 -K/ddIUYfaU57b1fqwts26ht90LXWyYDH9AaHOMCcFLe+C+INgcA7rPNG1C7hl6JC -JHmEJo7AV4eICZSU9D44rRdrB08oYCpaHjYiLmb1UwKBgQCWCDJ4p2DrNL9hzj3K -kzvM5saXrfI4aVBXVt9rw9s1d/WG8JOpnmHcnLPb6Tj59rDktrLCLv0sVstMwNVJ -sOO+qsgn1VoZalcVhhjdONm5YvhJQgz0F7Y2xkr6g/AuMPz2YigGfm7fe/z7rc+L -q9Ua2HmUS8DDBy7W89MNZJNkDQ== ------END PRIVATE KEY----- diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml index 55df82b0f1..db81e3da00 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -10,126 +10,26 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. -#xpack.graph.enabled: false -#Set to false to disable X-Pack graph features. -#xpack.ml.enabled: false -#Set to false to disable X-Pack machine learning features. -#xpack.monitoring.enabled: false -#Set to false to disable X-Pack monitoring features. -#xpack.reporting.enabled: false -#Set to false to disable X-Pack reporting features. -#xpack.security.enabled: false -#Set to false to disable X-Pack security features. -#xpack.watcher.enabled: false -#Set to false to disable Watcher. +# limitations under the License.# Default Kibana configuration from kibana-docker. + +server.name: "Clamp CL Dashboard" +server.host: "0" # Kibana is served by a back end server. This setting specifies the port to use. server.port: {{.Values.service.externalPort}} -# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. -# The default is 'localhost', which usually means remote machines will not be able to connect. -# To allow connections from remote users, set this parameter to a non-loopback address. -server.host: "0.0.0.0" - -# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects -# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests -# to Kibana. This setting cannot end in a slash. -#server.basePath: "" - -# The maximum payload size in bytes for incoming server requests. -#server.maxPayloadBytes: 1048576 - -# The Kibana server's name. This is used for display purposes. -server.name: "Clamp Dashboard" - -# The URL of the Elasticsearch instance to use for all your queries. -elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}" -# When this setting's value is true Kibana uses the hostname specified in the server.host -# setting. When the value of this setting is false, Kibana uses the hostname of the host -# that connects to this Kibana instance. -#elasticsearch.preserveHost: true - -# Kibana uses an index in Elasticsearch to store saved searches, visualizations and -# dashboards. Kibana creates a new index if the index doesn't already exist. -#kibana.index: ".kibana" - -# The default application to load. -#kibana.defaultAppId: "discover" - -# If your Elasticsearch is protected with basic authentication, these settings provide -# the username and password that the Kibana server uses to perform maintenance on the Kibana -# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which -# is proxied through the Kibana server. -#elasticsearch.username: "elastic" -#elasticsearch.password: "changeme" -# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. -# These settings enable SSL for outgoing requests from the Kibana server to the browser. server.ssl.enabled: {{.Values.config.sslEnabled}} server.ssl.certificate: {{.Values.config.sslPemCertFilePath}} server.ssl.key: {{.Values.config.sslPemkeyFilePath}} -# Optional settings that provide the paths to the PEM-format SSL certificate and key files. -# These files validate that your Elasticsearch backend uses the same key files. -#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate -#elasticsearch.ssl.key: $elasticsearch_ssl_key - -# Optional setting that enables you to specify a path to the PEM file for the certificate -# authority for your Elasticsearch instance. -#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities - -# To disregard the validity of SSL certificates, change this setting's value to 'none'. -#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode - -# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of -# the elasticsearch.requestTimeout setting. -#elasticsearch.pingTimeout: 1500 - -# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value -# must be a positive integer. -#elasticsearch.requestTimeout: 30000 - -# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side -# headers, set this value to [] (an empty list). -#elasticsearch.requestHeadersWhitelist: [ authorization ] - -# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten -# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. -#elasticsearch.customHeaders: {} - -# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. -#elasticsearch.shardTimeout: 0 - -# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. -#elasticsearch.startupTimeout: 5000 - -# Specifies the path where Kibana creates the process ID file. -#pid.file: /var/run/kibana.pid - -# Enables you specify a file where Kibana stores log output. -#logging.dest: stdout - -# Set the value of this setting to true to suppress all logging output. -#logging.silent: false - -# Set the value of this setting to true to suppress all logging output other than error messages. -#logging.quiet: false - -# Set the value of this setting to true to log all events, including system usage information -# and all requests. -#logging.verbose: false - -# Set the interval in milliseconds to sample system and process performance -# metrics. Minimum is 100ms. Defaults to 5000. -#ops.interval: 5000 - -# The default locale. This locale can be used in certain circumstances to substitute any missing -# translations. -#i18n.defaultLocale: "en" +# The URL of the Elasticsearch instance to use for all your queries. +elasticsearch.hosts: ${elasticsearch_base_url} -## Search Guard -# -#xpack.security.enabled: false +elasticsearch.ssl.verificationMode: none elasticsearch.username: {{.Values.config.elasticUSR}} elasticsearch.password: {{.Values.config.elasticPWD}} -searchguard.cookie.password: 123567818187654rwrwfsfshdhdhtegdhfzftdhncn +elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] + +opendistro_security.multitenancy.enabled: true +opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] +opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml index 2b0adac392..26547b23a9 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml @@ -68,6 +68,8 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} env: + - name: elasticsearch_base_url + value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" volumeMounts: - mountPath: /etc/localtime name: localtime @@ -75,8 +77,6 @@ spec: - mountPath: /usr/share/kibana/config/kibana.yml name: {{ include "common.fullname" . }} subPath: kibana.yml - - name: {{ include "common.fullname" . }}-aaf-pem-certs - mountPath: /usr/share/kibana/config/keystore/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -97,8 +97,5 @@ spec: items: - key: kibana.yml path: kibana.yml - - name: {{ include "common.fullname" . }}-aaf-pem-certs - secret: - secretName: {{ include "common.fullname" . }}-aaf-pem-keys imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 88587160e9..be0c40e1e1 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -34,13 +34,14 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:4.1.3 +image: onap/clamp-dashboard-kibana:5.0.2 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false # application configuration +#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana) config: elasticsearchServiceName: cdash-es elasticsearchPort: 9200 @@ -60,14 +61,19 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 360 - periodSeconds: 10 + periodSeconds: 30 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 360 + periodSeconds: 30 + +#internal ssl security scheme for elasticsearch connection mainly +security: + ssl: + enabled: true service: #Example service definition with external, internal and node ports. diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem b/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem deleted file mode 100644 index cf12ec4c61..0000000000 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN -MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt -eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE -5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W -DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp -tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f -TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk -MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy -S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F -dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce -txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF -LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF -BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9 -m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP -t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy -JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G -LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC -orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW -u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ -8Lb0GYmlo44= ------END CERTIFICATE----- diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml index 369b5820d5..cecd5b18c8 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,8 +22,3 @@ path.config: /usr/share/logstash/pipeline ## Setting true makes logstash check periodically for change in pipeline configurations config.reload.automatic: true -## xpack configurations -#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"] -#xpack.monitoring.elasticsearch.username: elastic -#xpack.monitoring.elasticsearch.password: changeme -#xpack.monitoring.enabled: false diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index 05d8085d43..4b05910c02 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -218,6 +218,8 @@ output { if "error" in [tags] { elasticsearch { codec => "json" + cacert => "/clamp-cert/ca-certs.pem" + ssl_certificate_verification => false hosts => ["${elasticsearch_base_url}"] user => ["${logstash_user}"] password => ["${logstash_pwd}"] @@ -229,6 +231,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + cacert => "/clamp-cert/ca-certs.pem" + ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] document_id => "%{requestID}" @@ -241,6 +245,8 @@ output { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] + cacert => "/clamp-cert/ca-certs.pem" + ssl_certificate_verification => false user => ["${logstash_user}"] password => ["${logstash_pwd}"] index => "events-%{+YYYY.MM.DD}" # creates daily indexes diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml index 01ee76b7c1..4278a6e6d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml @@ -25,13 +25,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml index 697ebb66b6..7c5c047930 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml @@ -62,13 +62,13 @@ spec: - name: request_topic value: "{{ .Values.config.requestTopic }}" - name: dmaap_base_url - value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} + value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} - name: logstash_user value: "{{ .Values.config.logstash_user }}" - name: logstash_pwd value: "{{ .Values.config.logstash_pwd }}" - name: elasticsearch_base_url - value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" + value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" ports: - containerPort: {{ .Values.service.internalPort }} name: {{ include "common.servicename" . }} @@ -77,6 +77,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -85,6 +86,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} volumeMounts: - mountPath: /etc/localtime @@ -96,8 +98,6 @@ spec: - mountPath: /usr/share/logstash/pipeline/logstash.conf name: {{ include "common.fullname" . }} subPath: pipeline.conf - - name: {{ include "common.fullname" . }}-aaf-certs - mountPath: /certs.d/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -120,9 +120,5 @@ spec: path: logstash.yml - key: pipeline.conf path: pipeline.conf - - name: {{ include "common.fullname" . }}-aaf-certs - secret: - secretName: {{ include "common.fullname" . }}-aaf-keys - imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index 20bf974157..9a0321a478 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:4.1.3 +image: onap/clamp-dashboard-logstash:5.0.2 pullPolicy: Always # flag to enable debugging - application support required @@ -41,7 +41,8 @@ config: elasticsearchServiceName: cdash-es elasticsearchPort: 9200 dmaapHost: message-router - dmaapScheme: https + dmaapSchemeSSL: https + dmaapSchemeNoSSL: http dmaapPort: 3905 dmaapConsumerGroup: "clampdashboard" dmaapConsumerId: "clampdashboard" @@ -60,15 +61,21 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 - periodSeconds: 10 + initialDelaySeconds: 900 + periodSeconds: 20 + timeoutSeconds: 5 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 900 + periodSeconds: 20 + timeoutSeconds: 5 + +security: + ssl: + enabled: true service: #Example service definition with external, internal and node ports. diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index dfa0a3e250..090dbcc2a2 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -27,7 +27,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: library/cassandra:2.2.14 +image: library/cassandra:3.11.4 pullPolicy: Always # flag to enable debugging - application support required @@ -90,6 +90,7 @@ service: port: 7199 - name: tcp-cql port: 9042 + ## thrift protocol is deprecated . Should be removed. Being left until all project removes it. - name: tcp-thrift port: 9160 - name: tcp-agent diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 075f7965b9..55f73c1635 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -56,15 +56,18 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} - .dot : environment (.) - .ports : an array of ports - .portType: the type of the service + - .prefix: NodePort prefix to be used + */}} {{- define "common.servicePorts" -}} {{- $portType := .portType -}} {{- $dot := .dot -}} {{- range $index, $port := .ports }} +{{- $portPrefix := default "nodePortPrefix" $port.prefix }} - port: {{ $port.port }} targetPort: {{ $port.name }} {{- if (eq $portType "NodePort") }} - nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }} + nodePort: {{ index $dot.Values "global" $portPrefix | default (index $dot.Values $portPrefix) }}{{ $port.nodePort }} {{- end }} name: {{ $port.name }} {{- end -}} diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js index 66b7b5ed15..42c2e5728b 100644 --- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -26,31 +26,31 @@ module.exports={ "sharedDir": "releases/sdnc1.0/flows/shared", "userDir": "releases/sdnc1.0", "httpAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_USER}", + "pass": "${HTTP_PASSWORD}" }, "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}", "dbPort": "3306", - "dbName": "sdnctl", - "dbUser": "sdnctl", - "dbPassword": "{{.Values.config.dbSdnctlPassword}}", + "dbName": "{{.Values.config.db.dbName}}", + "dbUser": "${DB_USER}", + "dbPassword": "${DB_PASSWORD}", "gitLocalRepository": "", "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph", - "restConfUser": "admin", - "restConfPassword": "admin", + "restConfUser": "${REST_CONF_USER}", + "restConfPassword": "${REST_CONF_PASSWORD}", "formatXML": "Y", "formatJSON": "Y", "httpRoot": "/", "disableEditor": false, "httpAdminRoot": "/", "httpAdminAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_ADMIN_USER}", + "pass": "${HTTP_ADMIN_PASSWORD}" }, "httpNodeRoot": "/", "httpNodeAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_NODE_USER}", + "pass": "${HTTP_NODE_PASSWORD}" }, "uiHost": "0.0.0.0", "version": "0.9.1", diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index b780cafbcd..28612a270b 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -13,7 +13,7 @@ # limitations under the License. org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.user=${DB_USER} +org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD} diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh deleted file mode 100755 index b037058c2b..0000000000 --- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash -export PATH=$PATH:. -appDir=$(pwd) -if [ "$#" != 3 -a "$#" != 4 ] -then - echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]" - echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository" - exit -fi -if [ ! -e "releases" ] -then - mkdir releases -fi -releaseDir="$1" -name="Release $releaseDir" -loginId="$2" -emailid="$3" -dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}" -dbPort="3306" -dbName="sdnctl" -dbUser="sdnctl" -dbPassword="{{.Values.config.dbSdnctlPassword}}" -gitLocalRepository="$4" - -lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1) -echo $lastPort|grep uiPort >/dev/null 2>&1 -if [ "$?" == "0" ] -then -lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1) -fi -#echo $lastPort -if [ "${lastPort}" == "" ] -then - lastPort="3099" -fi -let nextPort=$(expr $lastPort+1) -#echo $nextPort -if [ ! -e "releases/$releaseDir" ] -then -mkdir releases/$releaseDir -cd releases/$releaseDir -mkdir flows -mkdir flows/shared -mkdir flows/shared/backups -mkdir html -mkdir xml -mkdir lib -mkdir lib/flows -mkdir logs -mkdir conf -mkdir codecloud -customSettingsFile="customSettings.js" -if [ ! -e "./$customSettingsFile" ] -then - echo "module.exports = {" >$customSettingsFile - echo " 'name' : '$name'," >>$customSettingsFile - echo " 'emailAddress' :'$emailid'," >>$customSettingsFile - echo " 'uiPort' :$nextPort," >>$customSettingsFile - echo " 'mqttReconnectTime': 15000," >>$customSettingsFile - echo " 'serialReconnectTime' : 15000," >>$customSettingsFile - echo " 'debugMaxLength': 1000," >>$customSettingsFile - echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile - echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile - echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile - echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile - echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile - echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile - echo " 'dbHost': '$dbHost'," >>$customSettingsFile - echo " 'dbPort': '$dbPort'," >>$customSettingsFile - echo " 'dbName': '$dbName'," >>$customSettingsFile - echo " 'dbUser': '$dbUser'," >>$customSettingsFile - echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile - echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile - echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile - echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile - echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile - echo " 'formatXML': '$formatXML'," >>$customSettingsFile - echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile - echo " 'enableHttps': true" >>$customSettingsFile - echo " }" >>$customSettingsFile -fi - #echo "Created custom settings file $customSettingsFile" - echo "Done ....." -else - echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir" - exit -fi -#echo "Content of custom settings file" -#echo "============================================================================" -# cat $customSettingsFile -#echo "============================================================================" -svclogicPropFile="./conf/svclogic.properties" -if [ ! -d "${appDir}/yangFiles" ] -then - mkdir -p "${appDir}/yangFiles" -fi -if [ ! -d "${appDir}/generatedJS" ] -then - mkdir -p "${appDir}/generatedJS" -fi - -if [ ! -e "./$svclogicPropFile" ] -then - echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile -fi -if [ ! -e "${appDir}/flowShareUsers.js" ] -then - echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js - echo " [" >>${appDir}/flowShareUsers.js - echo " ]" >>${appDir}/flowShareUsers.js - echo "}" >>${appDir}/flowShareUsers.js -fi -grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1 -if [ "$?" != "0" ] -then - num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l) - if [ $num_of_lines -gt 4 ] - then - content=$(head -n -2 ${appDir}/flowShareUsers.js) - echo "${content}," > ${appDir}/flowShareUsers.js - else - content=$(head -n -2 ${appDir}/flowShareUsers.js) - echo "$content" > ${appDir}/flowShareUsers.js - fi - echo " {" >> ${appDir}/flowShareUsers.js - echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js - echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js - echo " }" >> ${appDir}/flowShareUsers.js - echo " ]" >> ${appDir}/flowShareUsers.js - echo "}" >> ${appDir}/flowShareUsers.js -fi diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml index 24f61b5487..828818c68d 100644 --- a/kubernetes/common/dgbuilder/templates/configmap.yaml +++ b/kubernetes/common/dgbuilder/templates/configmap.yaml @@ -24,16 +24,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-scripts - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 495c4c6ab6..b3f0ab05a3 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -32,6 +32,40 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: HTTP_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} + - name: HTTP_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} + - name: HTTP_ADMIN_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} + - name: HTTP_ADMIN_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }} + - name: HTTP_NODE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} + - name: HTTP_NODE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} + - name: REST_CONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: REST_CONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -59,11 +93,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: @@ -79,10 +108,7 @@ spec: - name: config mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties subPath: svclogic.properties - - name: scripts - mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh - subPath: createReleaseDir.sh - - name: scripts + - name: config mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js subPath: customSettings.js resources: @@ -99,12 +125,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config + - name: config-input configMap: name: {{ include "common.fullname" . }}-config - - name: scripts - configMap: - name: {{ include "common.fullname" . }}-scripts - defaultMode: 0755 + - name: config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml index e00d7cfc03..c9a409fdca 100644 --- a/kubernetes/common/dgbuilder/templates/secrets.yaml +++ b/kubernetes/common/dgbuilder/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T, Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
\ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index fa205e227e..96d7dffb0a 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -31,6 +31,9 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + # image pull policy pullPolicy: Always @@ -43,6 +46,40 @@ global: debugEnabled: true ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-root-password' + type: password + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.config.dbRootPassword }}' + - uid: 'db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.dbSdnctlPassword }}' + - uid: 'http-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}' + login: '{{ .Values.config.httpUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}' + login: '{{ .Values.config.adminUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'node-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}' + login: '{{ .Values.config.nodeUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'restconf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -55,6 +92,32 @@ debugEnabled: false # application configuration config: + db: + dbName: sdnctl + # unused for now to preserve the API + rootPassword: openECOMP1.0 + # rootPasswordExternalSecret: some secret + userName: sdnctl + # unused for now to preserve the API + userPassword: gamma + # userCredentialsExternalSecret: some secret + httpUser: dguser + # unused for now to preserve the API + httpPassword: cc03e747a6afbbcbf8be7668acfebee5 + # httpCredsExternalSecret: some secret + adminUser: dguser + # unused for now to preserve the API + adminPassword: cc03e747a6afbbcbf8be7668acfebee5 + # adminCredsExternalSecret: some secret + nodeUser: dguser + # unused for now to preserve the API + nodePassword: cc03e747a6afbbcbf8be7668acfebee5 + # nodeCredsExternalSecret: some secret + restconfUser: admin + # unused for now to preserve the API + restconfPassword: admin + # restconfCredsExternalSecret: some secret + dbRootPassword: openECOMP1.0 dbSdnctlPassword: gamma dbPodName: mysql-db diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml index 9ef8db89a4..eda693f832 100644 --- a/kubernetes/common/network-name-gen/requirements.yaml +++ b/kubernetes/common/network-name-gen/requirements.yaml @@ -18,4 +18,9 @@ dependencies: repository: '@local'
- name: mariadb-galera
version: ~5.x-0
- repository: file://../mariadb-galera/
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~5.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 2f9cd6a158..a6d18e7a59 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -31,11 +31,19 @@ spec: release: {{ include "common.release" . }} spec: initContainers: +{{- if .Values.global.mariadbGalera.localCluster }} - command: - /root/ready.py args: - --container-name - {{ index .Values "mariadb-galera" "nameOverride" }} +{{- else }} + - command: + - /root/job_complete.py + args: + - --job-name + - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job +{{- end }} env: - name: NAMESPACE valueFrom: @@ -53,11 +61,11 @@ spec: - name: SPRING_PROFILE value: "{{ .Values.config.springProfile }}" - name: NENG_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} - name: NENG_DB_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} - name: NENG_DB_URL - value: {{ .Values.config.dbUrl }} + value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: POL_CLIENT_AUTH value: "{{ .Values.config.polClientAuth }}" - name: POL_BASIC_AUTH diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index d5897013c4..0defa97c26 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -32,24 +32,29 @@ global: # image pull policy pullPolicy: IfNotPresent + mariadbGalera: &mariadbGalera + #This flag allows SO to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-user-creds" - externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' + - uid: neng-db-secret + name: '{{ include "common.release" . }}-neng-db-secret' type: basicAuth - - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' - type: password + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' # sub-chart config mariadb-galera: - config: - userName: nenguser - userPassword: nenguser123 - mariadbRootPassword: nenguser123 - mysqlDatabase: nengdb + config: &mariadbConfig + userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret' + mysqlDatabase: nengdb nameOverride: nengdb service: name: nengdb @@ -59,6 +64,9 @@ mariadb-galera: enabled: true mountSubPath: network-name-gen/data +mariadb-init: + config: *mariadbConfig + nameOverride: nengdb-init ################################################################# # Application configuration defaults. @@ -70,7 +78,10 @@ pullPolicy: IfNotPresent # application configuration config: - dbUrl: jdbc:mysql://nengdb:3306/nengdb + db: + userName: nenguser + # userPassword: password + # userCredentialsExternalSecret: some-secret springProfile: live polClientAuth: cHl0aG9uOnRlc3Q= polBasicAuth: dGVzdHBkcDphbHBoYTEyMw== diff --git a/kubernetes/common/postgres-legacy/.helmignore b/kubernetes/common/postgres-legacy/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/common/postgres-legacy/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf deleted file mode 100644 index f335174f40..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf +++ /dev/null @@ -1,677 +0,0 @@ -# ---------------------------- -# pgPool-II configuration file a custom version -# ---------------------------- -# -# This file consists of lines of the form: -# -# name = value -# -# Whitespace may be used. Comments are introduced with "#" anywhere on a line. -# The complete list of parameter names and allowed values can be found in the -# pgPool-II documentation. -# -# This file is read on server startup and when the server receives a SIGHUP -# signal. If you edit the file on a running system, you have to SIGHUP the -# server for the changes to take effect, or use "pgpool reload". Some -# parameters, which are marked below, require a server shutdown and restart to -# take effect. -# - - -#------------------------------------------------------------------------------ -# CONNECTIONS -#------------------------------------------------------------------------------ - -# - pgpool Connection Settings - - -listen_addresses = '*' - # Host name or IP address to listen on: - # '*' for all, '' for no TCP/IP connections - # (change requires restart) -#port = 9999 -port = 5432 - # Port number - # (change requires restart) -socket_dir = '/tmp' - # Unix domain socket path - # The Debian package defaults to - # /var/run/postgresql - # (change requires restart) - - -# - pgpool Communication Manager Connection Settings - - -pcp_port = 9898 - # Port number for pcp - # (change requires restart) -pcp_socket_dir = '/tmp' - # Unix domain socket path for pcp - # The Debian package defaults to - # /var/run/postgresql - # (change requires restart) - -# - Backend Connection Settings - - -backend_hostname0 = '{{.Values.container.name.primary}}' -backend_port0 = 5432 -backend_weight0= 1 -backend_flag0= 'DISALLOW_TO_FAILOVER' - -backend_hostname1 = '{{.Values.container.name.replica}}' -backend_port1 = 5432 -backend_weight1= 1 -backend_flag1= 'DISALLOW_TO_FAILOVER' - -#backend_hostname0 = 'master' - # Host name or IP address to connect to for backend 0 -#backend_port0 = 5432 - # Port number for backend 0 -#backend_weight0 = 1 - # Weight for backend 0 (only in load balancing mode) -#backend_data_directory0 = '/data' - # Data directory for backend 0 -#backend_flag0 = 'ALLOW_TO_FAILOVER' - # Controls various backend behavior - # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER -#backend_hostname1 = 'standby' -#backend_port1 = 5432 -#backend_weight1 = 1 -#backend_data_directory1 = '/data1' -#backend_flag1 = 'ALLOW_TO_FAILOVER' - -# - Authentication - - -enable_pool_hba = on - # Use pool_hba.conf for client authentication -pool_passwd = 'pool_passwd' - # File name of pool_passwd for md5 authentication. - # "" disables pool_passwd. - # (change requires restart) -authentication_timeout = 60 - # Delay in seconds to complete client authentication - # 0 means no timeout. - -# - SSL Connections - - -ssl = off - # Enable SSL support - # (change requires restart) -#ssl_key = './server.key' - # Path to the SSL private key file - # (change requires restart) -#ssl_cert = './server.cert' - # Path to the SSL public certificate file - # (change requires restart) -#ssl_ca_cert = '' - # Path to a single PEM format file - # containing CA root certificate(s) - # (change requires restart) -#ssl_ca_cert_dir = '' - # Directory containing CA root certificate(s) - # (change requires restart) - - -#------------------------------------------------------------------------------ -# POOLS -#------------------------------------------------------------------------------ - -# - Pool size - - -num_init_children = 5 - # Number of pools - # (change requires restart) -max_pool = 1 - # Number of connections per pool - # (change requires restart) - -# - Life time - - -child_life_time = 300 - # Pool exits after being idle for this many seconds -child_max_connections = 0 - # Pool exits after receiving that many connections - # 0 means no exit -connection_life_time = 0 - # Connection to backend closes after being idle for this many seconds - # 0 means no close -client_idle_limit = 0 - # Client is disconnected after being idle for that many seconds - # (even inside an explicit transactions!) - # 0 means no disconnection - - -#------------------------------------------------------------------------------ -# LOGS -#------------------------------------------------------------------------------ - -# - Where to log - - -log_destination = 'stderr' - # Where to log - # Valid values are combinations of stderr, - # and syslog. Default to stderr. - -# - What to log - - -print_timestamp = on - # Print timestamp on each line - # (change requires restart) - -log_connections = on - # Log connections -log_hostname = on - # Hostname will be shown in ps status - # and in logs if connections are logged -log_statement = on - # Log all statements -log_per_node_statement = off - # Log all statements - # with node and backend informations -log_standby_delay = 'if_over_threshold' - # Log standby delay - # Valid values are combinations of always, - # if_over_threshold, none - -# - Syslog specific - - -syslog_facility = 'LOCAL0' - # Syslog local facility. Default to LOCAL0 -syslog_ident = 'pgpool' - # Syslog program identification string - # Default to 'pgpool' - -# - Debug - - -debug_level = 1 - # Debug message verbosity level - # 0 means no message, 1 or more mean verbose - - -#------------------------------------------------------------------------------ -# FILE LOCATIONS -#------------------------------------------------------------------------------ - -pid_file_name = '/tmp/pgpool.pid' - # PID file name - # (change requires restart) -logdir = '/tmp' - # Directory of pgPool status file - # (change requires restart) - - -#------------------------------------------------------------------------------ -# CONNECTION POOLING -#------------------------------------------------------------------------------ - -connection_cache = off - # Activate connection pools - # (change requires restart) - - # Semicolon separated list of queries - # to be issued at the end of a session - # The default is for 8.3 and later -reset_query_list = 'ABORT; DISCARD ALL' - # The following one is for 8.2 and before -#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT' - - -#------------------------------------------------------------------------------ -# REPLICATION MODE -#------------------------------------------------------------------------------ - -replication_mode = off - # Activate replication mode - # (change requires restart) -replicate_select = off - # Replicate SELECT statements - # when in replication or parallel mode - # replicate_select is higher priority than - # load_balance_mode. - -insert_lock = off - # Automatically locks a dummy row or a table - # with INSERT statements to keep SERIAL data - # consistency - # Without SERIAL, no lock will be issued -lobj_lock_table = '' - # When rewriting lo_creat command in - # replication mode, specify table name to - # lock - -# - Degenerate handling - - -replication_stop_on_mismatch = off - # On disagreement with the packet kind - # sent from backend, degenerate the node - # which is most likely "minority" - # If off, just force to exit this session - -failover_if_affected_tuples_mismatch = off - # On disagreement with the number of affected - # tuples in UPDATE/DELETE queries, then - # degenerate the node which is most likely - # "minority". - # If off, just abort the transaction to - # keep the consistency - - -#------------------------------------------------------------------------------ -# LOAD BALANCING MODE -#------------------------------------------------------------------------------ - -load_balance_mode = on - # Activate load balancing mode - # (change requires restart) -ignore_leading_white_space = on - # Ignore leading white spaces of each query -white_function_list = '' - # Comma separated list of function names - # that don't write to database - # Regexp are accepted -black_function_list = 'currval,lastval,nextval,setval' - # Comma separated list of function names - # that write to database - # Regexp are accepted - - -#------------------------------------------------------------------------------ -# MASTER/SLAVE MODE -#------------------------------------------------------------------------------ - -master_slave_mode = on - # Activate master/slave mode - # (change requires restart) -master_slave_sub_mode = 'stream' - # Master/slave sub mode - # Valid values are combinations slony or - # stream. Default is slony. - # (change requires restart) - -# - Streaming - - -sr_check_period = 10 - # Streaming replication check period - # Disabled (0) by default -sr_check_user = '{{.Values.credentials.pgusername}}' - # Streaming replication check user - # This is neccessary even if you disable streaming - # replication delay check by sr_check_period = 0 -sr_check_password = '{{.Values.credentials.pgpassword}}' - # Password for streaming replication check user -delay_threshold = 10000000 - # Threshold before not dispatching query to standby node - # Unit is in bytes - # Disabled (0) by default - -# - Special commands - - -follow_master_command = '' - # Executes this command after master failover - # Special values: - # %d = node id - # %h = host name - # %p = port number - # %D = database cluster path - # %m = new master node id - # %H = hostname of the new master node - # %M = old master node id - # %P = old primary node id - # %r = new master port number - # %R = new master database cluster path - # %% = '%' character - - -#------------------------------------------------------------------------------ -# PARALLEL MODE -#------------------------------------------------------------------------------ - -parallel_mode = off - # Activates parallel query mode - # (change requires restart) -pgpool2_hostname = '' - # Set pgpool2 hostname - # (change requires restart) - -# - System DB info - - -#system_db_hostname = 'localhost' - # (change requires restart) -#system_db_port = 5432 - # (change requires restart) -#system_db_dbname = 'pgpool' - # (change requires restart) -#system_db_schema = 'pgpool_catalog' - # (change requires restart) -#system_db_user = 'pgpool' - # (change requires restart) -#system_db_password = '' - # (change requires restart) - - -#------------------------------------------------------------------------------ -# HEALTH CHECK -#------------------------------------------------------------------------------ - -health_check_period = 20 - # Health check period - # Disabled (0) by default -health_check_timeout = 10 - # Health check timeout - # 0 means no timeout -health_check_user = '{{.Values.credentials.pgusername}}' - # Health check user -health_check_password = '{{.Values.credentials.pgpassword}}' - # Password for health check user -health_check_max_retries = 3 -connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend. - - # Maximum number of times to retry a failed health check before giving up. -health_check_retry_delay = 1 - # Amount of time to wait (in seconds) between retries. - - -#------------------------------------------------------------------------------ -# FAILOVER AND FAILBACK -#------------------------------------------------------------------------------ - -failover_command = '' - # Executes this command at failover - # Special values: - # %d = node id - # %h = host name - # %p = port number - # %D = database cluster path - # %m = new master node id - # %H = hostname of the new master node - # %M = old master node id - # %P = old primary node id - # %r = new master port number - # %R = new master database cluster path - # %% = '%' character -failback_command = '' - # Executes this command at failback. - # Special values: - # %d = node id - # %h = host name - # %p = port number - # %D = database cluster path - # %m = new master node id - # %H = hostname of the new master node - # %M = old master node id - # %P = old primary node id - # %r = new master port number - # %R = new master database cluster path - # %% = '%' character - -fail_over_on_backend_error = off - # Initiates failover when reading/writing to the - # backend communication socket fails - # If set to off, pgpool will report an - # error and disconnect the session. - -search_primary_node_timeout = 10 - # Timeout in seconds to search for the - # primary node when a failover occurs. - # 0 means no timeout, keep searching - # for a primary node forever. - -#------------------------------------------------------------------------------ -# ONLINE RECOVERY -#------------------------------------------------------------------------------ - -recovery_user = '{{.Values.credentials.pgusername}}' - # Online recovery user -recovery_password = '{{.Values.credentials.pgpassword}}' - # Online recovery password -recovery_1st_stage_command = '' - # Executes a command in first stage -recovery_2nd_stage_command = '' - # Executes a command in second stage -recovery_timeout = 90 - # Timeout in seconds to wait for the - # recovering node's postmaster to start up - # 0 means no wait -client_idle_limit_in_recovery = 0 - # Client is disconnected after being idle - # for that many seconds in the second stage - # of online recovery - # 0 means no disconnection - # -1 means immediate disconnection - - -#------------------------------------------------------------------------------ -# WATCHDOG -#------------------------------------------------------------------------------ - -# - Enabling - - -use_watchdog = off - # Activates watchdog - # (change requires restart) - -# -Connection to up stream servers - - -trusted_servers = '' - # trusted server list which are used - # to confirm network connection - # (hostA,hostB,hostC,...) - # (change requires restart) -ping_path = '/bin' - # ping command path - # (change requires restart) - -# - Watchdog communication Settings - - -wd_hostname = '' - # Host name or IP address of this watchdog - # (change requires restart) -wd_port = 9000 - # port number for watchdog service - # (change requires restart) -wd_authkey = '' - # Authentication key for watchdog communication - # (change requires restart) - -# - Virtual IP control Setting - - -delegate_IP = '' - # delegate IP address - # If this is empty, virtual IP never bring up. - # (change requires restart) -ifconfig_path = '/sbin' - # ifconfig command path - # (change requires restart) -if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0' - # startup delegate IP command - # (change requires restart) -if_down_cmd = 'ifconfig eth0:0 down' - # shutdown delegate IP command - # (change requires restart) - -arping_path = '/usr/sbin' # arping command path - # (change requires restart) - -arping_cmd = 'arping -U $_IP_$ -w 1' - # arping command - # (change requires restart) - -# - Behaivor on escalation Setting - - -clear_memqcache_on_escalation = on - # Clear all the query cache on shared memory - # when standby pgpool escalate to active pgpool - # (= virtual IP holder). - # This should be off if client connects to pgpool - # not using virtual IP. - # (change requires restart) -wd_escalation_command = '' - # Executes this command at escalation on new active pgpool. - # (change requires restart) - -# - Lifecheck Setting - - -# -- common -- - -wd_lifecheck_method = 'heartbeat' - # Method of watchdog lifecheck ('heartbeat' or 'query') - # (change requires restart) -wd_interval = 10 - # lifecheck interval (sec) > 0 - # (change requires restart) - -# -- heartbeat mode -- - -wd_heartbeat_port = 9694 - # Port number for receiving heartbeat signal - # (change requires restart) -wd_heartbeat_keepalive = 2 - # Interval time of sending heartbeat signal (sec) - # (change requires restart) -wd_heartbeat_deadtime = 30 - # Deadtime interval for heartbeat signal (sec) - # (change requires restart) -heartbeat_destination0 = 'host0_ip1' - # Host name or IP address of destination 0 - # for sending heartbeat signal. - # (change requires restart) -heartbeat_destination_port0 = 9694 - # Port number of destination 0 for sending - # heartbeat signal. Usually this is the - # same as wd_heartbeat_port. - # (change requires restart) -heartbeat_device0 = '' - # Name of NIC device (such like 'eth0') - # used for sending/receiving heartbeat - # signal to/from destination 0. - # This works only when this is not empty - # and pgpool has root privilege. - # (change requires restart) - -#heartbeat_destination1 = 'host0_ip2' -#heartbeat_destination_port1 = 9694 -#heartbeat_device1 = '' - -# -- query mode -- - -wd_life_point = 3 - # lifecheck retry times - # (change requires restart) -wd_lifecheck_query = 'SELECT 1' - # lifecheck query to pgpool from watchdog - # (change requires restart) -wd_lifecheck_dbname = 'template1' - # Database name connected for lifecheck - # (change requires restart) -wd_lifecheck_user = 'nobody' - # watchdog user monitoring pgpools in lifecheck - # (change requires restart) -wd_lifecheck_password = '' - # Password for watchdog user in lifecheck - # (change requires restart) - -# - Other pgpool Connection Settings - - -#other_pgpool_hostname0 = 'host0' - # Host name or IP address to connect to for other pgpool 0 - # (change requires restart) -#other_pgpool_port0 = 5432 - # Port number for othet pgpool 0 - # (change requires restart) -#other_wd_port0 = 9000 - # Port number for othet watchdog 0 - # (change requires restart) -#other_pgpool_hostname1 = 'host1' -#other_pgpool_port1 = 5432 -#other_wd_port1 = 9000 - - -#------------------------------------------------------------------------------ -# OTHERS -#------------------------------------------------------------------------------ -relcache_expire = 0 - # Life time of relation cache in seconds. - # 0 means no cache expiration(the default). - # The relation cache is used for cache the - # query result against PostgreSQL system - # catalog to obtain various information - # including table structures or if it's a - # temporary table or not. The cache is - # maintained in a pgpool child local memory - # and being kept as long as it survives. - # If someone modify the table by using - # ALTER TABLE or some such, the relcache is - # not consistent anymore. - # For this purpose, cache_expiration - # controls the life time of the cache. -relcache_size = 256 - # Number of relation cache - # entry. If you see frequently: - # "pool_search_relcache: cache replacement happend" - # in the pgpool log, you might want to increate this number. - -check_temp_table = on - # If on, enable temporary table check in SELECT statements. - # This initiates queries against system catalog of primary/master - # thus increases load of master. - # If you are absolutely sure that your system never uses temporary tables - # and you want to save access to primary/master, you could turn this off. - # Default is on. - - -#------------------------------------------------------------------------------ -# ON MEMORY QUERY MEMORY CACHE -#------------------------------------------------------------------------------ -memory_cache_enabled = off - # If on, use the memory cache functionality, off by default -memqcache_method = 'shmem' - # Cache storage method. either 'shmem'(shared memory) or - # 'memcached'. 'shmem' by default - # (change requires restart) -memqcache_memcached_host = 'localhost' - # Memcached host name or IP address. Mandatory if - # memqcache_method = 'memcached'. - # Defaults to localhost. - # (change requires restart) -memqcache_memcached_port = 11211 - # Memcached port number. Mondatory if memqcache_method = 'memcached'. - # Defaults to 11211. - # (change requires restart) -memqcache_total_size = 67108864 - # Total memory size in bytes for storing memory cache. - # Mandatory if memqcache_method = 'shmem'. - # Defaults to 64MB. - # (change requires restart) -memqcache_max_num_cache = 1000000 - # Total number of cache entries. Mandatory - # if memqcache_method = 'shmem'. - # Each cache entry consumes 48 bytes on shared memory. - # Defaults to 1,000,000(45.8MB). - # (change requires restart) -memqcache_expire = 0 - # Memory cache entry life time specified in seconds. - # 0 means infinite life time. 0 by default. - # (change requires restart) -memqcache_auto_cache_invalidation = on - # If on, invalidation of query cache is triggered by corresponding - # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered - # by memqcache_expire. on by default. - # (change requires restart) -memqcache_maxcache = 409600 - # Maximum SELECT result size in bytes. - # Must be smaller than memqcache_cache_block_size. Defaults to 400KB. - # (change requires restart) -memqcache_cache_block_size = 1048576 - # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'. - # Defaults to 1MB. - # (change requires restart) -memqcache_oiddir = '/var/log/pgpool/oiddir' - # Temporary work directory to record table oids - # (change requires restart) -white_memqcache_table_list = '' - # Comma separated list of table names to memcache - # that don't write to database - # Regexp are accepted -black_memqcache_table_list = '' - # Comma separated list of table names not to memcache - # that don't write to database - # Regexp are accepted diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf deleted file mode 100644 index d8918409e8..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf +++ /dev/null @@ -1,67 +0,0 @@ -# pgpool Client Authentication Configuration File a custom version -# =============================================== -# -# The format rule in this file follows the rules in the PostgreSQL -# Administrator's Guide. Refer to chapter "Client Authentication" for a -# complete description. A short synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which user names they can use, which databases they -# can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTION] -# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. -# -# DATABASE can be "all", "sameuser", a database name, or a comma-separated -# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf -# file is not supported, since pgpool does not know which group a user -# belongs to. Also note that the database specified here may not exist in -# the backend PostgreSQL. pgpool will authenticate based on the database's -# name, not based on whether it exists or not. -# -# USER can be "all", a user name, or a comma-separated list thereof. In -# both the DATABASE and USER fields you can also write a file name prefixed -# with "@" to include names from a separate file. Note that a group name -# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported -# because of the same reason as "samegroup" token. Also note that a user -# name specified here may not exist in the backend PostgreSQL. pgpool will -# authenticate based on the user's name, not based on whether he/she exists. -# -# CIDR-ADDRESS specifies the set of hosts the record matches. -# It is made up of an IP address and a CIDR mask that is an integer -# (between 0 and 32 (IPv4) that specifies the number of significant bits in -# the mask. Alternatively, you can write an IP address and netmask in -# separate columns to specify the set of hosts. -# -# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords -# in clear text. -# -# OPTION is the name of the PAM service. Default service name is "pgpool" -# -# Database and user names containing spaces, commas, quotes and other special -# characters must be quoted. Quoting one of the keywords "all" or "sameuser" -# makes the name lose its special character, and just match a database or -# username with that name. -# -# This file is read on pgpool startup. If you edit the file on a running -# system, you have to restart the pgpool for the changes to take effect. - -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make pgpool listen -# on a non-local interface via the listen_addresses configuration parameter. -# - -# TYPE DATABASE USER CIDR-ADDRESS METHOD - -# "local" is for Unix domain socket connections only -#local all all trust -# IPv4 local connections: -host all all 0.0.0.0/0 md5 diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd deleted file mode 100644 index 3636d1de74..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd +++ /dev/null @@ -1,2 +0,0 @@ -testuser:md599e8713364988502fa6189781bcf648f -postgres:md53175bce1d3201d16594cebf9d7eb3f9d diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml deleted file mode 100644 index 7572d7f444..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -kind: Deployment -apiVersion: extensions/v1beta1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: 2 - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - image: "{{.Values.repository}}/{{.Values.image}}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }} - env: - - name: PG_PRIMARY_SERVICE_NAME - value: {{.Values.container.name.primary}} - - name: PG_REPLICA_SERVICE_NAME - value: {{.Values.container.name.replica}} - - name: PG_USERNAME - value: {{.Values.credentials.pgusername}} - - name: PG_PASSWORD - value: {{.Values.credentials.pgpassword}} - ports: - - containerPort: 5432 - name: pgpool - protocol: TCP - readinessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 20 - periodSeconds: 10 - livenessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 15 - periodSeconds: 20 - volumeMounts: - - name: pgpool-pgconf - mountPath: /pgconf/pgpoolconfigdir - readOnly: false - volumes: - - name: pgpool-pgconf - configMap: - name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml deleted file mode 100644 index 8c066e5b7a..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml deleted file mode 100644 index cb732b7cd7..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: crunchydata -image: crunchy-pgpool:centos7-10.4-2.0.0 -pullPolicy: Always - -container: - port: 5432 - name: - primary: pgset-primary - replica: pgset-replica -credentials: - pgusername: testuser - pgpassword: password -service: - name: pgpool - type: ClusterIP - externalPort: 5432 - internalPort: 5432 diff --git a/kubernetes/common/postgres-legacy/templates/pv.yaml b/kubernetes/common/postgres-legacy/templates/pv.yaml deleted file mode 100644 index 2ac5d979d5..0000000000 --- a/kubernetes/common/postgres-legacy/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/postgres-legacy/templates/secrets.yaml b/kubernetes/common/postgres-legacy/templates/secrets.yaml deleted file mode 100644 index db1bc5bb15..0000000000 --- a/kubernetes/common/postgres-legacy/templates/secrets.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }} - pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }} - pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }} - diff --git a/kubernetes/common/postgres-legacy/templates/service.yaml b/kubernetes/common/postgres-legacy/templates/service.yaml deleted file mode 100644 index 30d824bbd7..0000000000 --- a/kubernetes/common/postgres-legacy/templates/service.yaml +++ /dev/null @@ -1,95 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name2 }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type2 }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.name2 }} - {{- else -}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name2 }} - {{- end}} - selector: - name: "{{.Values.container.name.primary}}" - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name3 }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type3 }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort3 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.name3 }} - {{- else -}} - - port: {{ .Values.service.externalPort3 }} - targetPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.name3 }} - {{- end}} - selector: - name: "{{.Values.container.name.replica}}" - release: {{ include "common.release" . }} diff --git a/kubernetes/common/postgres-legacy/templates/statefulset.yaml b/kubernetes/common/postgres-legacy/templates/statefulset.yaml deleted file mode 100644 index 5333a0d310..0000000000 --- a/kubernetes/common/postgres-legacy/templates/statefulset.yaml +++ /dev/null @@ -1,143 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /bin/sh - - -c - - | - chown -R 26:26 /podroot/; - chmod 700 /podroot/; - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-prepare - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /podroot/ - containers: - - name: {{ include "common.name" . }} - image: "{{ .Values.postgresRepository }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: postgres - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: PGHOST - value: /tmp - - name: PG_PRIMARY_USER - value: primaryuser - - name: PG_MODE - value: set - - name: PG_PRIMARY_HOST - value: "{{.Values.container.name.primary}}" - - name: PG_REPLICA_HOST - value: "{{.Values.container.name.replica}}" - - name: PG_PRIMARY_PORT - value: "{{.Values.service.internalPort}}" - - name: PG_PRIMARY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: pg-primary-password - - name: PG_USER - value: "{{.Values.config.pgUserName}}" - - name: PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: pg-user-password - - name: PG_DATABASE - value: "{{.Values.config.pgDatabase}}" - - name: PG_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: pg-root-password - volumeMounts: - - mountPath: /pgdata - name: {{ include "common.fullname" . }}-data - - mountPath: /backup - name: {{ include "common.fullname" . }}-backup - readOnly: true - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-backup - emptyDir: {} -{{- if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} diff --git a/kubernetes/common/postgres-legacy/values.yaml b/kubernetes/common/postgres-legacy/values.yaml deleted file mode 100644 index 8dd5d0aaac..0000000000 --- a/kubernetes/common/postgres-legacy/values.yaml +++ /dev/null @@ -1,139 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - -################################################################# -# Application configuration defaults. -################################################################# - -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - -postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.4-2.0.0 -pullPolicy: Always - -# application configuration -config: - pgUserName: testuser - pgDatabase: userdb - pgPrimaryPassword: password - pgUserPassword: password - pgRootPassword: password - -container: - name: - primary: pgset-primary - replica: pgset-replica - -pgpool: - container: - port: 5432 - name: - primary: pgset-primary - replica: pgset-replica - credentials: - pgusername: testuser - pgpassword: password - service: - name: pgpool - - -# default number of instances -replicaCount: 2 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 1Gi - mountPath: /dockerdata-nfs - mountSubPath: postgres/data - mountInitPath: postgres - -service: - type: ClusterIP - name: pgset - externalPort: 5432 - internalPort: 5432 - type2: ClusterIP - name2: pgset-primary - externalPort2: 5432 - internalPort2: 5432 - type3: ClusterIP - name3: pgset-replica - externalPort3: 5432 - internalPort3: 5432 - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi - diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml index fa25f19077..a47d3ed56e 100644 --- a/kubernetes/common/postgres/templates/pvc-primary.yaml +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -41,5 +41,4 @@ spec: {{- else }} storageClassName: {{ include "common.storageClass" . }} {{- end }} - storageClassName: "{{ include "common.fullname" . }}-primary" {{- end -}} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index c2131e9ad0..7aff189ba9 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -48,7 +48,7 @@ busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.4-2.0.0 +image: crunchy-postgres:centos7-10.11-4.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md new file mode 100644 index 0000000000..dced68d7c6 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md @@ -0,0 +1,23 @@ +# Motivations +Ingress controller implementation in the ONAP cluster is based on the virtual host routing. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +# How to deploy test DNS server: +Run script ./deploy\_dns.sh + +# How to add DNS address on testing machines: +See post deploy info + +# Test DNS inside cluster (optional) +1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke) +~~~yaml +dns: + provider: coredns + upstreamnameservers: + - <cluster_ip>:31555 +~~~ +2. You can edit coredns configuration with command: + kubectl -n kube-system edit configmap coredns + diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore new file mode 100644 index 0000000000..dacad44a66 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore @@ -0,0 +1,37 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml new file mode 100644 index 0000000000..a618fd792c --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml @@ -0,0 +1,20 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +appVersion: "1.0" +description: bind9 DNS server for kubernetes cluster +name: bind9dns +version: 0.1.0 diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt new file mode 100644 index 0000000000..7211966b89 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the installed DNS host and port by running this commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range $.Values.ingress.paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo DNS host: $NODE_IP dns port: $NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl new file mode 100644 index 0000000000..3efbbbf831 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* + + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "bind9dns.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bind9dns.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bind9dns.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml new file mode 100644 index 0000000000..1a76ba0a96 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml @@ -0,0 +1,76 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DNS_FORWARDER + value: {{ .Values.dnsconf.forwarder }} + - name: WILDCARD_DNS + value: {{ .Values.dnsconf.wildcard }} + - name: ALLOW_RECURSION + value: any + - name: ALLOW_QUERY + value: any + ports: + - name: dnsport + containerPort: {{ .Values.service.port }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml new file mode 100644 index 0000000000..715f2ff78e --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: TCP + name: dnstcp + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: UDP + name: dnsudp + selector: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml new file mode 100644 index 0000000000..4fe5d05b02 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml @@ -0,0 +1,34 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "bind9dns.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml new file mode 100644 index 0000000000..c9e19f41d0 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml @@ -0,0 +1,46 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +replicaCount: 1 + +image: + repository: luccksam/docker-bind + tag: 0.1.0 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: + type: NodePort + port: 53 + nodePort: 31555 + +ingress: + enabled: false + annotations: {} + paths: [] + hosts: + - dnsserver.local + tls: [] + +resources: {} +nodeSelector: {} +tolerations: [] +affinity: {} + +dnsconf: + forwarder: "8.8.8.8,8.8.4.4" + wildcard: "simpledemo.onap.org=0.0.0.0" diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh new file mode 100755 index 0000000000..a78bc077d8 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -0,0 +1,62 @@ +#!/bin/bash -e +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +DNS_PORT=31555 +CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}') +CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') +SPATH="$( dirname "$( which "$0" )" )" + + + +usage() { +cat << ==usage +$0 [cluster_domain] [helm_chart_args ...] + [cluster_domain] Default value simpledemo.onap.org + [helm_chart_args...] Optional arguments passed to helm install command +==usage +} + + +target_machine_notice_info() { +cat << ==infodeploy +Extra DNS server already deployed: +1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 +2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine +==infodeploy +} + +deploy() { + pushd "$SPATH/bind9dns" > /dev/null + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@ + popd > /dev/null + target_machine_notice_info +} + +if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then + usage +else + deploy $@ +fi diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index 6b90aa3144..09436356ea 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -20,7 +20,7 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: postgres-legacy + - name: postgres version: ~5.x-0 repository: '@local' alias: postgres diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml index 3e79830cc1..4c4f567956 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml @@ -17,7 +17,7 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: postgres-legacy + - name: postgres version: ~5.x-0 repository: '@local' alias: postgres diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index ba247e151c..8756d57516 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -211,7 +211,7 @@ </logger> - <root level="INFO"> + <root level="{{.Values.config.dmaapDrNode.logLevel}}"> <appender-ref ref="asyncAudit" /> <appender-ref ref="asyncMetrics" /> <appender-ref ref="asyncDebug" /> diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 00e0d2d339..871a4228a2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -120,3 +120,6 @@ config: portName2: dr-node-port2 nodePort: 93 nodePort2: 94 + # dr uses the EELF Logging framework https://github.com/att/EELF + # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF + logLevel: "INFO" diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index f67b1cf380..dba613c33c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -397,7 +397,7 @@ - <root level="INFO"> + <root level="{{.Values.config.dmaapDrProv.logLevel}}"> <appender-ref ref="asyncEELF" /> <appender-ref ref="asyncEELFError" /> <appender-ref ref="asyncEELFjettylog" /> diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 8e3364f879..4dcd7c3319 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -79,6 +79,10 @@ config: portName2: dr-prov-port2 nodePort: 59 nodePort2: 69 + # dr uses the EELF Logging framework https://github.com/att/EELF + # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF + logLevel: "INFO" + # dr-prov db configuration dmaapDrDb: mariadbServiceName: dmaap-dr-db-svc diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 30e4c77576..aa97e32a9a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -75,6 +75,7 @@ spec: - -exec - | chown -R 1000:1000 /opt/kafka/data; + rm -rf '/opt/kafka/data/lost+found'; cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; chown 1000:1000 /opt/kafka/config/server.properties; cd /opt/kafka/config; diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index 98203fc12f..5316210f38 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/charts/esr-server/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/aai/esr-server:1.4.0 +image: onap/aai/esr-server:1.5.1 pullPolicy: Always msbaddr: msb-iag.{{ include "common.namespace" . }}:80 diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index a2e03b8bf6..fb31b8b65e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -79,8 +79,6 @@ spec: value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index bb5a76b0ee..353f2a7c70 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -24,9 +24,7 @@ global: config: msbServiceName: msb-iag - msbPort: 80 - redisServiceName: vfc-redis - redisPort: 6379 + msbPort: 443 persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/onap/resources/overrides/openstack.yaml b/kubernetes/onap/resources/overrides/openstack.yaml index a8294d249f..5e09d7cfe9 100644 --- a/kubernetes/onap/resources/overrides/openstack.yaml +++ b/kubernetes/onap/resources/overrides/openstack.yaml @@ -55,8 +55,12 @@ so: openStackUserName: "OPENSTACK_USERNAME_HERE" openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0" openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX" + # For Support of Keystone v3, uncomment and fill + # openStackKeystoneVersion: "KEYSTONE_V3" + # openStackProjectDomainName: "DEFAULT" + # openStackUserDomainName: "DEFAULT" nbi: config: # openstack configuration openStackRegion: "Yolo" - openStackVNFTenantId: "1234"
\ No newline at end of file + openStackVNFTenantId: "1234" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index d7a0ea5ca3..f623496537 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - {{ .Values.config.db.container }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -74,18 +71,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/common/postgres-legacy/requirements.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml index 5b097f3ab7..dee311c336 100644 --- a/kubernetes/common/postgres-legacy/requirements.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -dependencies: - - name: common - version: ~5.x-0 - repository: '@local' +{{ include "common.secret" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml index af56717fdc..a9a89ddd72 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml @@ -35,6 +35,23 @@ dbinit: # flag to enable debugging - application support required debugEnabled: false + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + type: password + password: '{{ .Values.config.db.rootPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + policy: required + - uid: cmso-db-user-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.user }}' + password: '{{ .Values.config.db.password }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -70,19 +87,22 @@ service: config: - db_root: root - db_user: cmso-admin - mysqlDatabase: optimizer - db_host: oof-cmso-dbhost - db_port: 3306 + db: + port: 3306 + root: root +# rootPassword: pass +# rootPasswordExternalSecret: some secret +# user: cmso-admin +# password: pass +# userCredentialsExternalSecret: some-secret +# host: host +# container: container +# mysqlDatabase: optimizer topology_host: oof-cmso-topology topology_port: 7998 ticketmgt_host: oof-cmso-ticketmgt ticketmgt_port: 7999 -mariadb: - nameOverride: cmso-db - ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index 385d61684f..b0afb6e285 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - {{ .Values.config.db.container }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -98,18 +95,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_user }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-user-credentials - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml index 5b097f3ab7..dee311c336 100644 --- a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -dependencies: - - name: common - version: ~5.x-0 - repository: '@local' +{{ include "common.secret" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index 85f6094615..345f03d4d3 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -37,6 +37,22 @@ dbinit: debugEnabled: false ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + type: password + password: '{{ .Values.config.db.rootPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + policy: required + - uid: cmso-db-user-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.user }}' + password: '{{ .Values.config.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # default number of instances @@ -71,17 +87,20 @@ service: config: - db_root: root - db_user: cmso-admin - mysqlDatabase: cmso - db_host: oof-cmso-dbhost - db_port: 3306 + db: + port: 3306 + root: root +# rootPassword: pass +# rootPasswordExternalSecret: some secret +# user: cmso-admin +# password: pass +# userCredentialsExternalSecret: some-secret +# host: host +# container: container +# mysqlDatabase: cmso optimizer_host: oof-cmso-optimizer optimizer_port: 7997 -mariadb: - nameOverride: cmso-db - ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml index 11a9221fed..3c61bf3bdc 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ include "common.secret" . }} +--- apiVersion: v1 kind: Secret metadata: diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index c97138bded..2b8ad9487d 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -12,6 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + name: '{{ include "common.release" . }}-cmso-db-root-password' + type: password + password: '' + policy: generate + - uid: cmso-db-secret + name: '{{ include "common.release" . }}-cmso-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + passwordPolicy: generate + mariadb-galera: replicaCount: 1 nameOverride: cmso-db @@ -26,9 +43,8 @@ mariadb-galera: enabled: true disableNfsProvisioner: true config: - mariadbRootPassword: beer - userName: cmso-admin - userPassword: nimda-osmc + mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' mysqlDatabase: cmso externalConfig: | [mysqld] @@ -49,4 +65,26 @@ flavor: small config: log: logstashServiceName: log-ls - logstashPort: 5044
\ No newline at end of file + logstashPort: 5044 + db: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + +oof-cmso-service: + config: + db: + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' + rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: cmso + +oof-cmso-optimizer: + config: + db: + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' + rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: optimizer diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index ca1390a407..1aa0010289 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml @@ -70,7 +70,7 @@ spec: {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: - path: /sdc2/rest/version + path: /sdc2/rest/healthCheck port: {{ .Values.service.internalPort }} scheme: HTTPS initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index 8ac6c27dba..a9e5b292fb 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.5.2 -backendInitImage: onap/sdc-backend-init:1.5.2 +image: onap/sdc-backend:1.6.1 +backendInitImage: onap/sdc-backend-init:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index 21b35cefd8..150b9618ef 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.5.2 -cassandraInitImage: onap/sdc-cassandra-init:1.5.2 +image: onap/sdc-cassandra:1.6.1 +cassandraInitImage: onap/sdc-cassandra-init:1.6.1 pullPolicy: Always @@ -61,10 +61,8 @@ service: type: ClusterIP name: sdc-cs portName: sdc-cs - externalPort: 9160 - internalPort: 9160 - externalPort2: 9042 - internalPort2: 9042 + externalPort: 9042 + internalPort: 9042 ## Persist data to a persitent volume diff --git a/kubernetes/sdc/charts/sdc-es/.helmignore b/kubernetes/sdc/charts/sdc-es/.helmignore deleted file mode 100644 index 542b3390d8..0000000000 --- a/kubernetes/sdc/charts/sdc-es/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-es/Chart.yaml b/kubernetes/sdc/charts/sdc-es/Chart.yaml deleted file mode 100644 index d1c46d06ba..0000000000 --- a/kubernetes/sdc/charts/sdc-es/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -description: ONAP Service Design and Creation Elasticsearch -name: sdc-es -version: 5.0.0 diff --git a/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt deleted file mode 100644 index 3a5553b84f..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml deleted file mode 100644 index c5ab2be09c..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: "_cluster/health?wait_for_status=yellow&timeout=120s" - port: {{ .Values.service.internalPort }} - scheme: HTTP - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: ES_HEAP_SIZE - value: {{ .Values.config.JvmHeapSize }} - - name: ES_JAVA_OPTS - value: {{ .Values.config.JvmOptions }} - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /usr/share/elasticsearch/data/ - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - {{- if .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-es/templates/job.yaml b/kubernetes/sdc/charts/sdc-es/templates/job.yaml deleted file mode 100644 index 8a73eaec17..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/job.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-config-elasticsearch - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - backoffLimit: 20 - template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - spec: - restartPolicy: Never - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - sdc-es - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.elasticInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - volumes: - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - restartPolicy: Never diff --git a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml b/kubernetes/sdc/charts/sdc-es/templates/pv.yaml deleted file mode 100644 index 4733fed749..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml deleted file mode 100644 index ab97f9541a..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-es/templates/service.yaml b/kubernetes/sdc/charts/sdc-es/templates/service.yaml deleted file mode 100644 index a49982c432..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-es/values.yaml b/kubernetes/sdc/charts/sdc-es/values.yaml deleted file mode 100644 index adb0595b3d..0000000000 --- a/kubernetes/sdc/charts/sdc-es/values.yaml +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - ubuntuInitRepository: oomk8s - ubuntuInitImage: ubuntu-init:1.0.0 - - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/sdc-elasticsearch:1.5.2 -elasticInitImage: onap/sdc-init-elasticsearch:1.5.2 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - JvmHeapSize: "1024M" - JvmOptions: "-Xms512m -Xmx512m" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - -service: - type: ClusterIP - name: sdc-es - portName: sdc-es - externalPort: 9200 - internalPort: 9200 - externalPort2: 9300 - internalPort2: 9300 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: /sdc/sdc-es/ES - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} - diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml index 4c2baaf57f..6f35f6bd06 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml @@ -32,20 +32,6 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - "sdc-kb" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-completion image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index c6f39f9822..78f8b90f66 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.5.2 +image: onap/sdc-frontend:1.6.1 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-kb/.helmignore b/kubernetes/sdc/charts/sdc-kb/.helmignore deleted file mode 100644 index ce90c2db1e..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-
-#TODO:REMOVE
-sdc-kb.yaml
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-kb/Chart.yaml b/kubernetes/sdc/charts/sdc-kb/Chart.yaml deleted file mode 100644 index d6f0b32e26..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Service Design and Creation Kibana -name: sdc-kb -version: 5.0.0 diff --git a/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt deleted file mode 100644 index 3a5553b84f..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml deleted file mode 100644 index 8911dbc5a3..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml +++ /dev/null @@ -1,93 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-es-config-elasticsearch - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: NODE_OPTIONS - value: {{ .Values.config.nodeOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-kb/templates/service.yaml b/kubernetes/sdc/charts/sdc-kb/templates/service.yaml deleted file mode 100644 index 2d1c27df86..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/templates/service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/charts/sdc-kb/values.yaml b/kubernetes/sdc/charts/sdc-kb/values.yaml deleted file mode 100644 index c2859e2983..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/values.yaml +++ /dev/null @@ -1,89 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/sdc-kibana:1.5.2 -pullPolicy: Always - -config: - nodeOptions: "--max-old-space-size=200" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: sdc-kb - portName: sdc-kb - externalPort: 5601 - internalPort: 5601 - - -sdc-es: - service: - name: sdc-es - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index a6a3f6bd22..7e026f9da5 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.5.2 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.5.2 +image: onap/sdc-onboard-backend:1.6.1 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.1 pullPolicy: Always # flag to enable debugging - application support required @@ -99,7 +99,7 @@ cert: persistence: enabled: true size: 10Mi - accessMode: ReadOnlyMany + accessMode: ReadWriteOnce volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml index 97caae2727..cc9f38be6d 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: - name: CS_HOST value: "{{ .Values.global.cassandra.serviceName }}" - name: CS_PORT - value: "{{ .Values.config.cassandraThriftClientPort }}" + value: "{{ .Values.config.cassandraClientPort }}" - name: CS_AUTHENTICATE value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - name: CS_USER diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 68f487674d..3e5a83aee7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.0 -configInitImage: onap/workflow-init:1.6.0 +image: onap/workflow-backend:1.6.1 +configInitImage: onap/workflow-init:1.6.1 pullPolicy: Always initJob: @@ -38,7 +38,6 @@ initJob: config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true - cassandraThriftClientPort: 9160 cassandraClientPort: 9042 sdcProtocol: HTTPS diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index fc30297885..66eb22e50c 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.0 +image: onap/workflow-frontend:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index b642e859f7..67ee6f9973 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -16,8 +16,6 @@ "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}", "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}", "FE_VIP": "sdc-fe.{{include "common.namespace" .}}", - "ES_VIP": "sdc-es.{{include "common.namespace" .}}", - "KB_VIP": "sdc-kb.{{include "common.namespace" .}}", "interfaces": { "application": "eth0", "private": "eth0" @@ -46,11 +44,7 @@ ], "BE": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE": "sdc-onboarding-be.{{include "common.namespace" .}}", - "FE": "sdc-fe.{{include "common.namespace" .}}", - "ES": [ - "sdc-es.{{include "common.namespace" .}}" - ], - "KB": "sdc-kb.{{include "common.namespace" .}}" + "FE": "sdc-fe.{{include "common.namespace" .}}" }, "VnfRepo": { "vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}", @@ -71,14 +65,6 @@ "https_port": "8445", "catalog_notification_url": "%s://%s:%s/sdc2/rest/v1/catalog/notif/vsp/" }, - "elasticsearch": { - "cluster_name": "SDC-ES-", - "ES_path_home": "/usr/share/elasticsearch", - "ES_path_data": "/usr/share/elasticsearch/data", - "num_of_replicas": "0", - "num_of_shards": "1" - }, - "cassandra": { "cassandra_port": 9042, "concurrent_reads": "32", @@ -99,6 +85,25 @@ "socket_connect_timeout": "20000", "janusgraph_connection_timeout": "10000", "replication_factor": "{{.Values.global.cassandra.replicaCount}}" - } + }, + "DMAAP": { + "consumer": { + "host": "dcae-mrtr.com:3905", + "topic": "operationalEnvironmentEvent", + "serviceName": "dcae-mrtr.com:3905/events", + "environment": "TEST", + "partner": "BOT_R", + "username": "user1@sdc.com", + "password": "password==" + }, + "producer": { + "host": "olsd004.com:3905", + "topic": "SDC-FACADE-NOTIF-v1 ", + "serviceName": "dmaap.com:3905/events", + "environment": "TEST", + "username": "user1@sdc.com", + "password": "password==" + } + } } } diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 6abf911a89..3d35814f2e 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -47,10 +47,6 @@ config: workflowUrl: 10.0.2.15 vnfRepoPort: 8702 -sdc-es: - service: - name: sdc-es - #Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster cassandra: nameOverride: sdc-cs diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties index 66e62672b2..f9640a95db 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties @@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 AFT_DME2_EP_READ_TIMEOUT_MS=50000 sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=admin -sdnc.odl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties index 8a0a102396..beb514e583 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dblib.properties @@ -1,7 +1,6 @@ ### # ============LICENSE_START======================================================= -# Copyright (C) 2018 ONAP Intellectual Property. All rights -# reserved. +# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,11 +17,11 @@ ### org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties index 422696afbd..96f40790c6 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties @@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 AFT_DME2_EP_READ_TIMEOUT_MS=50000 sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=admin -sdnc.odl.password={{.Values.config.odlPassword}} +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties index f38f701064..0b52b3febb 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties @@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 AFT_DME2_EP_READ_TIMEOUT_MS=50000 sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=admin -sdnc.odl.password={{.Values.config.odlPassword}} +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml index 7d8178b7b5..7ef5ca4998 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml @@ -32,10 +32,33 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: ODL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} - --container-name - {{ .Values.config.sdncChartName }} - --container-name @@ -91,9 +114,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 4965d96908..d90da63e6d 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -21,6 +21,35 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: required + - uid: odl-creds + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -40,11 +69,25 @@ config: sdncPort: 8282 msgRouterContainerName: message-router configDir: /opt/onap/sdnc/data/properties + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera + # odlCredsExternalSecret: some secret + +mariadb-galera: + config: + userCredentialsExternalSecret: *dbSecretName + userName: sdnctl + userPassword: gamma + mysqlDatabase: sdnctl + nameOverride: dmaap-listener-galera + service: + name: dmaap-listener-galera + portName: dmaap-listener-galera internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: dmaap-listener/maria/data # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config b/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config index eb88d7236b..7dc5c19e12 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/resources/config/RestServer_config @@ -13,33 +13,33 @@ # limitations under the License. # Host definition -ip: 0.0.0.0 -port: {{.Values.service.internalPort}} +ip: 0.0.0.0 +port: {{.Values.service.internalPort}} # Security (controls use of TLS encrypton and RestServer authentication) -tls: no -auth: no +tls: no +auth: no # TLS certificates (must be built on application host) -priv: provide_privated_key.pem -pub: provide_public_key.pem +priv: provide_privated_key.pem +pub: provide_public_key.pem # RestServer authentication -id: sdnc -psswd: sdnc +id: ${REST_USER} +psswd: ${REST_PASSWORD} # Mysql -host: {{.Values.config.mariadbGalera.serviceName}} -user: sdnc -passwd: sdnc -db: ansible +host: {{ include "common.mariadbService" $ }} +user: ${DB_USER} +passwd: ${DB_PASSWORD} +db: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} # Playbooks -from_files: yes -ansible_path: /opt/onap/sdnc/Playbooks -ansible_inv: Ansible_inventory -ansible_temp: PlaybooksTemp -timeout_seconds: 60 +from_files: yes +ansible_path: /opt/onap/sdnc/Playbooks +ansible_inv: Ansible_inventory +ansible_temp: PlaybooksTemp +timeout_seconds: 60 # Blocking on GetResults -getresults_block: yes +getresults_block: yes diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml index 2233099224..d353adaf58 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml @@ -32,6 +32,29 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: REST_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }} + - name: REST_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name @@ -89,9 +112,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/postgres-legacy/Chart.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml index eff8e36eba..dee311c336 100644 --- a/kubernetes/common/postgres-legacy/Chart.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -description: ONAP Postgres Server -name: postgres-legacy -version: 5.0.0 +{{ include "common.secret" . }} diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index db7c63cfa4..b0b3c81c8f 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -21,6 +21,35 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: required + - uid: rest-creds + type: basicAuth + externalSecret: '{{ .Values.config.restCredsExternalSecret }}' + login: '{{ .Values.config.restUser }}' + password: '{{ .Values.config.restPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -37,9 +66,25 @@ debugEnabled: false config: sdncChartName: sdnc configDir: /opt/onap/sdnc - mariadbGalera: - serviceName: mariadb-galera + restUser: sdnc + restPassword: sdnc + # restCredsExternalSecret: some secret +mariadb-galera: + config: + userCredentialsExternalSecret: *dbSecretName + userName: sdnc + userPassword: sdnc + mysqlDatabase: ansible + nameOverride: ansible-server-galera + service: + name: ansible-server-galera + portName: ansible-server-galera + internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ansible-server/maria/data # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties b/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties index fdc2218532..b4e69d36f5 100644 --- a/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties +++ b/kubernetes/sdnc/charts/ueb-listener/resources/config/dblib.properties @@ -2,8 +2,8 @@ # ============LICENSE_START======================================================= # openECOMP : SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2020 Samsung Electrinics # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,11 +23,11 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties b/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties index 86e51317f2..946773b18b 100644 --- a/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties +++ b/kubernetes/sdnc/charts/ueb-listener/resources/config/ueb-listener.properties @@ -2,10 +2,10 @@ org.onap.ccsdk.sli.northbound.uebclient.asdc-address=sdc-be.{{.Release.Namespace org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO -org.onap.ccsdk.sli.northbound.uebclient.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -org.onap.ccsdk.sli.northbound.uebclient.user=sdnc -org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=admin -org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd={{.Values.config.odlPassword}} +org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD} +org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER} +org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=${ODL_USER} +org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd=${ODL_PASSWORD} org.onap.ccsdk.sli.northbound.uebclient.asdc-api-base-url=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations/ org.onap.ccsdk.sli.northbound.uebclient.asdc-api-namespace=org:onap:ccsdk org.onap.ccsdk.sli.northbound.uebclient.spool.incoming=/opt/onap/sdnc/ueb-listener/spool/incoming diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml index 154d36c411..da72e1e558 100644 --- a/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml @@ -32,10 +32,36 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: UEB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }} + - name: UEB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }} + - name: ODL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} - --container-name - {{ .Values.config.sdncChartName }} - --container-name @@ -87,9 +113,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index b4b42fdbc5..03fbf52f9b 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -21,6 +21,41 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: required + - uid: odl-creds + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + passwordPolicy: required + - uid: ueb-creds + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.uebUser }}' + password: '{{ .Values.config.uebPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -40,11 +75,30 @@ config: sdcbeChartName: sdc-be msgRouterContainerName: message-router configDir: /opt/onap/sdnc/data/properties + uebUser: sdnc + uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # uebCredsExternalSecret: some secret + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera + # odlCredsExternalSecret: some secret + +mariadb-galera: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: + userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret' + userName: sdnctl + userPassword: gamma + mysqlDatabase: sdnctl + nameOverride: ueb-listener-galera + service: + name: ueb-listener-galera + portName: ueb-listener-galera internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ueb-listener/maria/data # default number of instances replicaCount: 1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml index 952642c48a..fb83e4e26b 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -69,7 +69,7 @@ cloud_config: admin_tenant: "{{ .Values.config.openStackServiceTenantName }}" member_role: "admin" tenant_metadata: true - identity_server_type: "KEYSTONE" + identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}" identity_authentication_type: "USERNAME_PASSWORD" project_domain_name: "{{ .Values.config.openStackProjectDomainName }}" user_domain_name: "{{ .Values.config.openStackUserDomainName }}" diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 4685fd166a..c4e23164f2 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -83,6 +83,8 @@ config: openStackTenantId: "d570c718cbc545029f40e50b75eb13df" openStackProjectDomainName: "openStackProjectDomainName" openStackUserDomainName: "openStackUserDomainName" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml index e2818139fa..9ea7a7efc2 100644..100755 --- a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Postgres Server -name: pgpool +description: ONAP SO VE VNFM Adapter (SOL002) +name: so-ve-vnfm-adapter version: 5.0.0 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..88d805d81e --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,25 @@ +# Copyright © 2020 Samsung# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + port: {{ (index .Values.service.ports 0).port }} + +vevnfmadapter: + endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 + +aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + +dmaap: + endpoint: http://message-router.{{ include "common.namespace" . }}:3904 diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml index 099c8dd12e..e940811883 100755 --- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,12 +15,17 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-pgpool-configmap + name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: -{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} + APP: {{ include "common.name" . }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..03b3441c93 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml @@ -0,0 +1,69 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - aai + - --container-name + - message-router + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumes: + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml new file mode 100755 index 0000000000..f3ef1138b8 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml new file mode 100755 index 0000000000..53106004a9 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -0,0 +1,68 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs +image: onap/so/ve-vnfm-adapter:1.6.0 +pullPolicy: Always +replicaCount: 1 +service: + name: ve-vnfm-adapter + type: ClusterIP + annotations: + msb.onap.org/service-info: | + {{ if not .Values.global.msbDisabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/", + "protocol": "REST", + "port": "{{ (index .Values.service.ports 0).port }}", + "visualRange": "1" + } + ]{{ end }} + ports: + - name: http + port: 9098 +flavor: small +resources: + small: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 256Mi + cpu: 250m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + port: 9098 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml index 353fb308dd..9c799cffec 100644 --- a/kubernetes/uui/charts/uui-server/templates/service.yaml +++ b/kubernetes/uui/charts/uui-server/templates/service.yaml @@ -30,7 +30,8 @@ metadata: "url": "/api/usecaseui-server/v1", "protocol": "REST", "port": "{{.Values.service.internalPort}}", - "visualRange":"1" + "visualRange":"1", + "enable_ssl": true } ]' spec: diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index e7856d3a4d..3da0bdf976 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -30,7 +30,7 @@ pullPolicy: Always # application configuration -msbaddr: msb-iag.{{include "common.namespace" .}}:80 +msbaddr: msb-iag.{{include "common.namespace" .}}:443 mraddr: message-router.{{include "common.namespace" .}}:3904 # flag to enable debugging - application support required @@ -85,10 +85,10 @@ resources: small: limits: cpu: 250m - memory: 250Mi + memory: 500Mi requests: cpu: 250m - memory: 250Mi + memory: 500Mi large: limits: cpu: 500m diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 0a5c0c5ba4..d449da1140 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -105,14 +106,9 @@ spec: - name: VID_MYSQL_DBNAME value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: VID_MYSQL_USER - value: {{ index .Values "mariadb-galera" "config" "userName" }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }} - name: VID_MYSQL_PASS - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-db - key: db-user-password - #valueFrom: - # secretKeyRef: {name: {{ include "common.fullname" . }}, key: vid-password} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" volumeMounts: diff --git a/kubernetes/vid/templates/job.yaml b/kubernetes/vid/templates/job.yaml index 625fb0c6a1..75e40a1201 100644 --- a/kubernetes/vid/templates/job.yaml +++ b/kubernetes/vid/templates/job.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -60,14 +61,11 @@ spec: - /dbcmd-config/db_cmd.sh env: - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-db - key: db-user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }} - name: MYSQL_HOST value: {{ index .Values "mariadb-galera" "service" "name" }} - name: MYSQL_USER - value: {{ index .Values "mariadb-galera" "config" "userName" }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 2a66c4fbec..44a9b3e9e0 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,19 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }} +{{ include "common.secret" . }} --- apiVersion: v1 kind: Secret @@ -39,18 +28,3 @@ metadata: type: Opaque data: {{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-db - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 805e337f57..e8d0595284 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,17 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: vid-db-user-secret + name: '{{ include "common.release" . }}-vid-db-user-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + subChartsOnly: enabled: true @@ -35,7 +47,10 @@ mariadb_image: library/mariadb:10 # application configuration config: - vidmysqlpassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + db: + userName: vidadmin +# userCredentialsExternalSecret: some secret +# userPassword: password vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" @@ -54,9 +69,7 @@ config: mariadb-galera: config: - userName: vidadmin - userPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - mariadbRootPassword: kjgsdhjqhawxvnbpoiawsfgjsqhsgjhjhdqihhjqdvcbxkjchizpw + userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret' mysqlDatabase: vid_openecomp_epsdk nameOverride: vid-galera service: |