Diffstat (limited to 'kubernetes')
59 files changed, 867 insertions, 376 deletions
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index c8921f9efa..500e3a536b 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.3 +image: onap/ccsdk-blueprintsprocessor:0.7.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 8b4dbbfc16..f194c279c9 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.3 +image: onap/ccsdk-commandexecutor:0.7.5 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem new file mode 100644 index 0000000000..7d626d3922 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem 
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGmjCCBIKgAwIBAgIUKY54WlWSTO1gukYe2chbzm9mVIowDQYJKoZIhvcNAQEL +BQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxEzARBgNVBAcM +Ck1pZGRsZXRvd24xFzAVBgNVBAoMDk9OQVAgQ29tbXVuaXR5MQ4wDAYDVQQDDAVD +Q1NESzEdMBsGCSqGSIb3DQEJARYOYnMyNzk2QGF0dC5jb20wHhcNMjAwNjA1MDgx +NjAwWhcNMzAwNjAzMDgxNjAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3 +IEplcnNleTETMBEGA1UEBwwKTWlkZGxldG93bjEXMBUGA1UECgwOT05BUCBDb21t +dW5pdHkxDjAMBgNVBAMMBUNDU0RLMR0wGwYJKoZIhvcNAQkBFg5iczI3OTZAYXR0 +LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMNqVzDC+BpV9iV1 +2sB3ya9Bwx2qTqmygV/ZM/2/Bd6z4duUHd5dK3ZeRablfB2HmaFsjXTTvf+/nVC8 +Q0e4yrOBXRY6qGD27YEkwTebP1Mjvj5uOuamGr6bsZOuJr8HooIA5L25D5GZ37bV +H4Wq1xz1PG+PgldUf/YXOcwuzO2Nq3FS3I0xKeaNI5YmmlW8gFeGKtPR8vRwpg45 +I+orp2NnO7tFqjwxO3Ka7se9s9fy3GUg0Yn4N1So36r3G2NNbueN34I/d8IazT3Z +dnWT4amnMXy455ijr1yucaGwKkc7nQDn2cNGlQOIlpzEU90w/V8ne73hAfWKZ+7p +o3BFOE1X0PV1fFZ4d9rf7slUCWYiUcaKRBbCf+Tu3EBonpJJBQBJTb78pln/5x5r +d9av0eruCm0K8MZVgHPNRnZVeggi34YFGo1MmDMZDPAYSxBX7z106QmHJiuFvzdc +u2AIht5jMnXERGO1mzLtjUjWgdjN2zxpARiCPoR59jBuX/DO+vBeSJZ3dFjWFHrM +2bDg8328ZU6/cVoU30vKR9J+CrBv+V5mvpqRVx/atHIuJ6aQne1FW+qYE/aWw6CH +IrJbHXLYb1T6nMhzu7rX5YVXSDGu5wLTjnBZlh8XVjn3UBgopS4EnceJRW9Jn01L +sGlNoEamKVVZ8jS4dif+8zgLsznzAgMBAAGjggEMMIIBCDAdBgNVHQ4EFgQUaigR +IIb+2J4zJ4bi2IIxICIOSyMwHwYDVR0jBBgwFoAUaigRIIb+2J4zJ4bi2IIxICIO +SyMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw +awYDVR0RBGQwYoIRKmNkcy1jb250cm9sbGVyLSqCEipjZHMtcHktZXhlY3V0b3It +KoIMKnB5LWV4ZWN1dG9ygg4qcHktZXhlY3V0b3ItKoIKKi1weWV4ZWMtKoIJbG9j +YWxob3N0hwR/AAABMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAMooc0ZyZVzLePmm0q2iU6jls +ORmfpNXe/MqCRfEPr7sZAy3jGtJK9+ShoVVbvQbXaQ2wDe9XxwnrblWB+SaAwZiL +A8gF7ozgwavatwZ70683fnCsPC061WDlC965UWCbPL5opxW4ulL3meSYEdzvS3hm +oxeMhaLJSZpkk4D9tyVHwPtLJBpWD5a3rp9y6e2Q87XhrQKB+y2/QHeaDs3l+tKa +o6GW/PqKKM3ktboXBlGDT7bLhCpg179dOzXgdtHNtqv7zmXLDbGKV0mbQpjBVu72 
+tWKf6KoVFhvXQP2he6vgvcMeycOS9ff3RLePwt61WiDXnQ97kD2UubTrdsQ0QieZ +r5NHeDQEEnEMW9kHQrYDEGk5s881QTg8EmrKKdcUH9+65ka/0HnKF9cQ+MklRMtG +8QDiwTd8AIyeOLg/9l9VP09IglksrmkfxqWD7zFyFKlyZZbiBH5XrYGlnGgezIUx +T41ulfQyQ6Ef1z97EUzYTOmxWRWReoFbLsqFOg1KLD2Y0wZkT22IdBreEO9W/W+X +OQuLLA3qwOZMF/mKwzp6SSLbelVIOhhx4k1sQy95dqMMQQMuLK/uPNETlenE36fT +yhiCa7B6VyPKVsYDcte2Cs8wo2uhMb7i5VaFIZD8Cjswkx1GbcQs9X0Fm1W9g5J0 +j/cJjXSeCIp84F+fxZo= +-----END CERTIFICATE----- diff --git a/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem new file mode 100644 index 0000000000..c6ef005641 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDDalcwwvgaVfYl +ddrAd8mvQcMdqk6psoFf2TP9vwXes+HblB3eXSt2XkWm5Xwdh5mhbI10073/v51Q +vENHuMqzgV0WOqhg9u2BJME3mz9TI74+bjrmphq+m7GTria/B6KCAOS9uQ+Rmd+2 +1R+Fqtcc9Txvj4JXVH/2FznMLsztjatxUtyNMSnmjSOWJppVvIBXhirT0fL0cKYO +OSPqK6djZzu7Rao8MTtymu7HvbPX8txlINGJ+DdUqN+q9xtjTW7njd+CP3fCGs09 +2XZ1k+GppzF8uOeYo69crnGhsCpHO50A59nDRpUDiJacxFPdMP1fJ3u94QH1imfu +6aNwRThNV9D1dXxWeHfa3+7JVAlmIlHGikQWwn/k7txAaJ6SSQUASU2+/KZZ/+ce +a3fWr9Hq7gptCvDGVYBzzUZ2VXoIIt+GBRqNTJgzGQzwGEsQV+89dOkJhyYrhb83 +XLtgCIbeYzJ1xERjtZsy7Y1I1oHYzds8aQEYgj6EefYwbl/wzvrwXkiWd3RY1hR6 +zNmw4PN9vGVOv3FaFN9LykfSfgqwb/leZr6akVcf2rRyLiemkJ3tRVvqmBP2lsOg +hyKyWx1y2G9U+pzIc7u61+WFV0gxrucC045wWZYfF1Y591AYKKUuBJ3HiUVvSZ9N +S7BpTaBGpilVWfI0uHYn/vM4C7M58wIDAQABAoICAGFZMGZSOlakTCMNOxR2mDp+ +gDzfAqD3FAwzn/rgloQDCJjiiJ6lu2kUPY6O8+2iB56q/S0d7qDhS/VUVA/+trwF +zeGtBwSG/no/XSHebQV14Ogo8Z7FUL1zwlrXfuXbX9FzsH/zGRZnmVLziOiF2vPK +F3lb/IqUxcpKd7iH9/6/fJDPvp93xm/cD8ZVJL1hUm5HoD41cNrk41RiksmtRY33 +d4IrikrCG+NT23AVyOnjSnf2iWw6AxZhqkr5HuOxR3aC7r1r8LT5tRUCqEiaiuiB +Kd4AHx+jK1D4dhMeN3GU+PnihlEJcGJ6QM2H4F9ocFBe0v4cgWVYtb4HFixvz0OY +E+4vsrMObxVBkJtEvEntdQqBEKxdHUotTzJvF3NocncM65VzKViyCBiFXyijQ2Aw +zFtyBNSzMLMBfkfJNXKhlDz4sOeDFjVaDTl6Rn3tnIHpjgbbbm5CXqNi0JRNi36C +/ANTAoxrol/FSkPxdsCdhYaU6CxZpelu2FbwjyV189dEyCROOTelqAC0k0YsmcOJ +FsQEkr8baWTIjgKta+kxo8SllPWntDeXfiM6iI4NeAwneIIJwqQb5WQiJWtnv0QX +eH/cbnXHJgxTw4Hb0LzDBYG3nY5LHW//eaXTt1vSwJh7AbPo0hl7JBe6JNUMT9ih ++LUE1zzOj3dJbnFh+QLBAoIBAQD601wIBHeGnm4TwnjpEWExb2VlC0uMYhik1uql +1zCsn7vgCFspq2tJugfALG4QEoti51AHkOybHX43jD6wvtPFT1HNL7yP63Zm27GP +3bkCsZLVWnIEtPCR266ENSdGr3cnoO91Pf4efINKlZPIo4jLwfYgJhcVbhHb57uw +j/VKhit9Cm+OnPD7PpKiGi4vUQPnbeIZsUTf5v4lYLR5r9uW91q07mS+jsoKcPyy +dHZBM1nz7vMQitTYAhL17x6rINtTl7ulBHfLxHpPZxvVN5z+pJpKhYJP2pIWwKZY +EBBMefiJhx6pR/T4YlFMdx0AmvVbeYZraIhh2vyNH5IeygNXAoIBAQDHclpbFNyd +ZfkufMIq7N0oGDOuYwfzfAYK93lHgAm6NXibbyY7v49WAViOILSSGo4edCB53mLq 
+9bLCsc0x9SL/OgZTCHwlY3cgc3WNAbICCsvinZS87XwPU3ZEMzy5T9AA1WlV0QSv +6FXffF71skKM7yaWRhNJ6zWLSVBZ5iRAcmg5IboWFseGx845RSp/M1FZTuRvX5Ne +7qQyJfJ0pu72Y6KkICpOqLmWYbxs3bcBpXdIGueUC4A6QlY+QrbGjGapkNhWzM1x +vMK+8cpuSNhIHDtEWf43jw0Oz59vmPws/iTENtk4RDgIncD7bJ4HWjb+ZZtjHnSG +r7L/HKS69ZjFAoIBAQDbpCwKBUdZhfCksv5IMeTnckHa+socU2Z7Kovtz4ObFoFh +jE+wLKDVvea9nOqAfoy6fg4xofHfXzNAlznqciBlvrDGOhAoAyv6pFVXwvQY7MDE +vd/sSToEr9ehhB4xosN321D1XOTjc2tQ66yu3K2Up/PMcS5zoKBY7hMIaPeGW/lH +FNVdkAbiLAghlUVuP8ZoaWu9zeKfItrYhldj2+Ax0ccHe16TE9zOyeQurRdEvx/9 +IPiOOtRpl19dJxi3CB2nlM5HkaMJt7LXR1YzHvEGd8N4kHLtVFvrOqYvpVlwbrp6 +S+1IlW9p9kZ07DVka02B3egctDwBXM8dEVFWTtYfAoIBAFOhB3IZlUgKcimj9ma5 +WyJsw37j13mpD3+ZtSjd7zY9JY1HVejHsfqGJfOykwSQTfdHCjcPoLqUu5gXpcrE +1x/d3LkEXcnvowvgXfH6PAHPNR6YpL1zdwmWHYkLUvMBHF69HaX2NtjrutYy+D5d +uLoPrUZlq8Da92CoJSEM9zZuwnTyR2zrsE47iaVJ8z/S7NFd2zs4ADtWJVNBxiBT +vu9hZ9kaA6Nn7Cm6YZ/kd9Ag6Zs6bNAO4n2LQ05n+uvWA1YmfhAnYB3I4H/gMtl7 +gfT6oX9PnOD/AqKrPFc29saG6jO8K+kD8drrCvhh2wGKOnUBdd5h7spq8cs233vl +b2ECggEAKL5rjbcUhRtJjobcIqnk1FeN43cXmFnlIICsY3ouskzGgDx5z4f8e9Oo +1fzoV4PVBf7uVPjgyiQy4Zio3qOcodvUi1xdv0mQEJzwyKpd12842pqVh3IvcVwf +V64Yr5m5CylDAfIsabT4uP9Cmh7TC87YD3Fiu2OPUTTIWfLY16iJfV8lvLyBxFNE +8VAqgnf3EH9VBNFWVUSaPcLO2BoduC1v74utK+T9+bqdLujBP5ZfQ1anfvYMlQVE +1e5twdnYJTHHWhlT6EtnaHmLJ0SuTFJfZNxxdAeRWyyqnS0vZvWvIonafnVi6g5X +m3FiOonz1SF53erfm5chlHxpQbUIhA== +-----END PRIVATE KEY----- diff --git a/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf new file mode 100644 index 0000000000..547810b081 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf 
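Review bot: The private key added as `resources/certs/py-executor-key.pem` is now part of the chart source, so anyone who can read the repository holds the key of every deployment that runs with the chart default. The secret entry added to `cds-py-executor/values.yaml` in this commit does offer an `externalSecret` override through `.Values.certSecret`, but with that value unset the bundled key is what gets mounted. I would keep the key out of the chart and generate or inject it per deployment, or at the very least mark it next to the secret definition with a comment such as `# test-only key pair; set certSecret to a deployment-specific secret outside of lab setups`. The certificate in `py-executor-chain.pem` appears to belong to this key, so replacing one means replacing both.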
@@ -0,0 +1,46 @@
+[req]
+default_bits = 4096
+default_keyfile = py-executor-key.pem
+distinguished_name = subject
+req_extensions = extensions
+x509_extensions = extensions
+string_mask = utf8only
+
+[ subject ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = New Jersey
+
+localityName = Locality Name (eg, city)
+localityName_default = Middletown
+
+organizationName = Organization Name (eg, company)
+organizationName_default = ONAP Community
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = CCSDK
+
+emailAddress = Email Address
+emailAddress_default = bs2796@att.com
+
+[ extensions ]
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+nsComment = "OpenSSL Generated Certificate"
+
+[alt_names]
+DNS.1 = *cds-controller-*
+DNS.2 = *cds-py-executor-*
+DNS.3 = *py-executor
+DNS.4 = *py-executor-*
+DNS.5 = *-pyexec-*
+DNS.6 = localhost
+IP.1 = 127.0.0.1
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
index f9c3377dd8..4210a0311a 100755
--- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
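Review bot: The `[alt_names]` entries `*cds-controller-*`, `*cds-py-executor-*`, `*py-executor`, `*py-executor-*` and `*-pyexec-*` in `py-executor.conf` place wildcards inside a label or on both sides of it. Hostname verification as described in RFC 6125 is only required to honour `*` as the complete left-most label; partial and multiple wildcards are optional at best, and many TLS stacks reject them. A client that checks the server name will therefore probably accept this certificate only for `localhost` and `127.0.0.1`, and the usual workaround is to switch verification off. Listing the real service DNS names, for example `DNS.1 = <py-executor service name>.<namespace>.svc` (placeholder), keeps verification usable. `keyUsage` also carries `nonRepudiation`, which a `serverAuth` certificate does not need.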
@@ -66,15 +66,14 @@ spec: readOnly: true - mountPath: {{ .Values.persistence.deployedBlueprint }} name: {{ include "common.fullname" . }}-blueprints - resources: -{{ include "common.resources" . | nindent 12 }} + - mountPath: /opt/app/onap/python/certs/py-executor/ + name: certificates + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | nindent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | nindent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} volumes: - name: localtime @@ -86,5 +85,8 @@ spec: - name: {{ include "common.fullname" . }}-blueprints persistentVolumeClaim: claimName: {{ include "common.release" . }}-cds-blueprints + - name: certificates + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cds-py-onap-certs") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml index c36607b172..c13b7d814b 100644 --- a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml +++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secretFast" . }}
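Review bot: The `certificates` secret volume added in the `volumes:` hunk of `cds-py-executor/templates/deployment.yaml` sets no `defaultMode`, so the private key from `cds-py-onap-certs` is projected with the default 0644 mode and is readable by every user inside the container. Adding `defaultMode: 0440` under `secret:` narrows that; it may need a matching `fsGroup` if the process does not run as root, which the hunk does not show. The new mount at `/opt/app/onap/python/certs/py-executor/` in the first hunk also lacks the `readOnly: true` that an earlier mount in the same list carries. Both the container spec and the volume list continue outside the hunks.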
\ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml index bbae1b9e5a..73736f11bb 100755 --- a/kubernetes/cds/charts/cds-py-executor/values.yaml +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -38,7 +38,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-py-executor:0.7.3 +image: onap/ccsdk-py-executor:0.7.5 pullPolicy: Always # default number of instances @@ -79,6 +79,14 @@ secrets: login: '{{ .Values.config.apiUsername }}' password: '{{ .Values.config.apiPassword }}' passwordPolicy: required + - uid: "cds-py-onap-certs" + name: '{{ include "common.release" . }}-cds-py-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/certs/py-executor.conf + - resources/certs/py-executor-chain.pem + - resources/certs/py-executor-key.pem config: # the api credentials below are used to authenticate communication with blueprint diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index 57b9e49426..30f9451673 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.3 +image: onap/ccsdk-sdclistener:0.7.5 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index aea1202d51..d8a87cc2ea 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml 
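Review bot: The `cds-py-onap-certs` entry added to `cds-py-executor/values.yaml` lists `resources/certs/py-executor.conf` in `filePaths`, so the OpenSSL request configuration ends up in the runtime secret next to the certificate and key; as far as this commit shows, only the two `.pem` files are needed in the pod and the `.conf` line could be dropped. `externalSecret` reads `.Values.certSecret`, which the hunk neither declares nor documents. A commented default such as `# certSecret: <name of an existing secret holding py-executor-chain.pem and py-executor-key.pem>` would tell operators how to replace the bundled key pair. The `secrets:` list starts outside the hunk.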
@@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.3 +image: onap/ccsdk-cds-ui-server:0.7.5 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh new file mode 100755 index 0000000000..6c69694011 --- /dev/null +++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh 
@@ -0,0 +1,193 @@ +#!/bin/bash +set -eo pipefail +shopt -s nullglob + +# if command starts with an option, prepend mysqld +if [ "${1:0:1}" = '-' ]; then + set -- mysqld "$@" +fi + +# skip setup if they want an option that stops mysqld +wantHelp= +for arg; do + case "$arg" in + -'?'|--help|--print-defaults|-V|--version) + wantHelp=1 + break + ;; + esac +done + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + val=`echo -n $val | sed -e "s/'/''/g"` + export "$var"="$val" + unset "$fileVar" +} + +_check_config() { + toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) + if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then + cat >&2 <<-EOM + + ERROR: mysqld failed while attempting to check config + command was: "${toRun[*]}" + + $errors + EOM + exit 1 + fi +} + +# Fetch value from server config +# We use mysqld --verbose --help instead of my_print_defaults because the +# latter only show values present in config files, and not server defaults +_get_config() { + local conf="$1"; shift + "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ + | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' + # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" +} + +# allow the container to be started with `--user` +if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then + _check_config "$@" + DATADIR="$(_get_config 'datadir' "$@")" + mkdir -p "$DATADIR" + find "$DATADIR" \! 
-user mysql -exec chown mysql '{}' + + exec gosu mysql "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then + # still need to check config, container may have started with --user + _check_config "$@" + # Get config + DATADIR="$(_get_config 'datadir' "$@")" + + if [ ! -d "$DATADIR/mysql" ]; then + file_env 'MYSQL_ROOT_PASSWORD' + if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + echo >&2 'error: database is uninitialized and password option is not specified ' + echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + exit 1 + fi + + mkdir -p "$DATADIR" + + echo 'Initializing database' + # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) + mysql_install_db --datadir="$DATADIR" --rpm "${@:2}" + echo 'Database initialized' + + SOCKET="$(_get_config 'socket' "$@")" + "$@" --skip-networking --socket="${SOCKET}" & + pid="$!" + + mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) + + for i in {30..0}; do + if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then + break + fi + echo 'MySQL init process in progress...' + sleep 1 + done + if [ "$i" = 0 ]; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql + fi + + if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then + export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" + echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" + fi + + rootCreate= + # default root to listen for connections from anywhere + file_env 'MYSQL_ROOT_HOST' '%' + if [ ! 
-z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then + # no, we don't care if read finds a terminating character in this heredoc + # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 + read -r -d '' rootCreate <<-EOSQL || true + CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; + EOSQL + fi + + "${mysql[@]}" <<-EOSQL + -- What's done in this file shouldn't be replicated + -- or products like mysql-fabric won't work + SET @@SESSION.SQL_LOG_BIN=0; + + DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; + SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; + GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; + ${rootCreate} + DROP DATABASE IF EXISTS test ; + FLUSH PRIVILEGES ; + EOSQL + + if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then + mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) + fi + + file_env 'MYSQL_DATABASE' + if [ "$MYSQL_DATABASE" ]; then + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" + mysql+=( "$MYSQL_DATABASE" ) + fi + + file_env 'MYSQL_USER' + file_env 'MYSQL_PASSWORD' + if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" + + if [ "$MYSQL_DATABASE" ]; then + echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + fi + fi + + echo + for f in /docker-entrypoint-initdb.d/*; do + case "$f" in + *.sh) echo "$0: running $f"; . "$f" ;; + *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; + *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; + *) echo "$0: ignoring $f" ;; + esac + echo + done + + if ! kill -s TERM "$pid" || ! wait "$pid"; then + echo >&2 'MySQL init process failed.' + exit 1 + fi + + echo + echo 'MySQL init process done. 
Ready for start up.' + echo + fi +fi + +exec "$@" diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml index 522c5f9bf8..01420aa97b 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml @@ -39,4 +39,17 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }} #{{ end }} diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml index 7d22930b6a..b6af4e3d0b 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml @@ -61,6 +61,9 @@ spec: - name: MYSQL_DATABASE value: {{ tpl .Values.db.databaseName .}} volumeMounts: + - mountPath: /docker-entrypoint.sh + subPath: docker-entrypoint.sh + name: init-script - mountPath: /etc/localtime name: localtime readOnly: true @@ -97,5 +100,9 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: init-script + configMap: + name: {{ include "common.fullname" . }} + defaultMode: 0755 imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml deleted file mode 100644 index 61bfc78945..0000000000 
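Review bot: In `file_env` of `docker-entrypoint.sh`, the added escaping line expands `$val` unquoted while `shopt -s nullglob` is set at the top of the script, so a credential containing whitespace runs is collapsed and one containing `*` or `?` can be replaced by file names or dropped altogether; `val="$(printf '%s' "$val" | sed -e "s/'/''/g")"` avoids that. The doubled-quote form is then exported under the original name and reused outside SQL, for instance in `mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )`, so a root password containing `'` is stored by the server with one quote and presented by the client with two. Keeping the raw value in the environment and escaping only where it is interpolated into the heredoc SQL would fix that; the escape would also need to cover backslashes, which MariaDB treats as an escape character inside string literals unless `NO_BACKSLASH_ESCAPES` is set. `MYSQL_DATABASE` goes through the same function but is interpolated between backticks, where doubling `'` does not help.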
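Review bot: The `init-script` mount that replaces `/docker-entrypoint.sh` in `clamp/charts/mariadb/templates/deployment.yaml` has no `readOnly: true`, unlike the `localtime` mount directly below it, and neither hunk says why the image's own entrypoint is overridden. I would add `readOnly: true` to the mount and a comment above it, for example `# overrides the image entrypoint with resources/config/init/docker-entrypoint.sh: <reason>`. Because the script is mounted through `subPath`, a running pod does not pick up later ConfigMap changes until it is restarted, which is worth stating in the same comment. The script starts as root when the container does, so write access to this ConfigMap should be treated as equivalent to control over the database container.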
--- a/kubernetes/common/mariadb-galera/resources/create-deployment.yml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" (dict "suffix" "upgrade-deployment" "dot" .) | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ include "common.fullname" . }} - template: - metadata: - labels: - app: {{ include "common.fullname" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.sstPort }} - name: {{ .Values.service.sstPortName }} - - containerPort: {{ .Values.service.replicationPort }} - name: {{ .Values.service.replicationName }} - - containerPort: {{ .Values.service.istPort }} - name: {{ .Values.service.istPortName }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: MYSQL_USER - valueFrom: - secretKeyRef: - key: login - name: {{ include "common.fullname" . }}-temp-upgrade-usercred - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: {{ include "common.fullname" . }}-temp-upgrade-usercred - - name: MYSQL_DATABASE - value: {{ default "" .Values.config.mysqlDatabase | quote }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: {{ include "common.fullname" . }}-temp-upgrade-root - subdomain: {{ .Values.service.name }} - hostname: {{ .Values.nameOverride }}-upgrade-deployment
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh deleted file mode 100644 index 132ac27ea2..0000000000 --- a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ - app='{{ include "common.fullname" . }}' -o \ - jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') - -tmp_MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ - MYSQL_PASSWORD) | base64) - -tmp_ROOT_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ - MYSQL_ROOT_PASSWORD) | base64) - -FLAG_EX_ROOT_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .)) }}' - -FLAG_EX_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .)) }}' - -kubectl patch secret $FLAG_EX_ROOT_SEC -p \ - '{"data":{"password":"'"$tmp_ROOT_PASSWORD"'"}}' - -kubectl patch secret $FLAG_EX_SEC -p \ - '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}' - -kubectl delete pod -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 --now -kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment -kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root -kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh deleted file mode 100644 index ff44606e23..0000000000 --- a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/bash -MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-0 -- printenv MYSQL_USER) - -MYSQL_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-0 -- printenv MYSQL_PASSWORD) - -MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-0 -- printenv MYSQL_ROOT_PASSWORD) - -kubectl create secret generic \ - '{{ include "common.fullname" . }}'-temp-upgrade-root \ - --from-literal=password=$MYSQL_ROOT_PASSWORD - -kubectl create secret generic \ - '{{ include "common.fullname" . }}'-temp-upgrade-usercred \ - --from-literal=login=$MYSQL_USER --from-literal=password=$MYSQL_PASSWORD - -kubectl create -f /upgrade/create-deployment.yml - -TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ - app='{{ include "common.fullname" . }}' -o \ - jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') - -CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ - awk '{print $2}') - -CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ - mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - -STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - -DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }}-upgrade-deployment -o \ - jsonpath='{.status.replicas}') - -while [[ ! $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ - || [[ ! 
$CLUSTER_STATE == "Synced" ]] -do - echo "$CLUSTER_NO and $CLUSTER_STATE" - CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ - | awk '{print $2}') - CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ - --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ - -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ - | awk '{print $2}') - sleep 2 - if [[ $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ - && [[ $CLUSTER_STATE == "Synced" ]] - then - echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." - break - fi -done - -MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ - -uroot -p$MYSQL_ROOT_PASSWORD ping) - -while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] -do - echo "Mariadb deployment is not ready yet." - sleep 2 - MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ - -uroot -p$MYSQL_ROOT_PASSWORD ping) - if [[ $MYSQL_STATUS == "mysqld is alive" ]] - then - echo "Mariadb deployment is ready." - break - fi -done - -kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=0 -MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') -echo "The the cluster has $MY_REPLICA_NUMBER replicas." - -while [[ ! $MY_REPLICA_NUMBER == "0" ]] -do - echo "The cluster is not scaled to 0 yet. Please wait ..." - MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ - {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') - echo "The current status of the cluster is $MY_REPLICA_NUMBER" - sleep 2 - if [[ $MY_REPLICA_NUMBER == "0" ]] - then - break - fi -done - -for (( index=0; index<$STS_REPLICA; index+=1 )) -do - kubectl delete pvc \ - "{{ include "common.fullname" . 
}}-data-{{ include "common.fullname" . }}-$index" -done diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index 685901fa95..a7064d7ce4 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada -# Copyright © 2020 Samsung Electronics, and TATA Communications +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + {{- if .Values.externalConfig }} apiVersion: v1 kind: ConfigMap 
@@ -42,37 +43,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-upgrade-deployment - annotations: - "helm.sh/hook": "pre-upgrade" - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": hook-succeeded - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-post-upgrade-deployment - annotations: - "helm.sh/hook": "post-upgrade" - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": hook-succeeded - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/post-upgrade-script.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml deleted file mode 100644 index cc71bb855c..0000000000 --- a/kubernetes/common/mariadb-galera/templates/job.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-pre-upgrade - annotations: - "helm.sh/hook": "pre-upgrade" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - securityContext: - fsGroup: 1001 - runAsUser: 1001 - containers: - - name: mariadb-job-pre-upgrade - image: {{ .Values.global.kubectlImage}} - imagePullPolicy: IfNotPresent - env: - - name: NAMESPACE_ENV - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - command: ["/bin/bash", "-c", "--"] - args: ["/upgrade/upgrade-scripts.sh"] - volumeMounts: - - name: config-mariadb-upgrade - mountPath: /upgrade - volumes: - - name: config-mariadb-upgrade - configMap: - name: {{ include "common.fullname" . }}-upgrade-deployment - defaultMode: 0777 - restartPolicy: OnFailure ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-upgrade - annotations: - "helm.sh/hook": "post-upgrade" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - securityContext: - fsGroup: 1001 - runAsUser: 0 - initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - name: mariadb-galera-upgrade-readiness - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - command: - - /root/ready.py - args: - - --container-name - - mariadb-galera - containers: - - name: mariadb-job-post-upgrade - image: {{ .Values.global.kubectlImage}} - imagePullPolicy: IfNotPresent - env: - - name: NAMESPACE_ENV - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - command: ["/bin/bash", "-c", "--"] - args: ["/upgrade/post-upgrade-script.sh"] - volumeMounts: - - name: config-mariadb-upgrade - mountPath: /upgrade - volumes: - - name: config-mariadb-upgrade - configMap: - name: {{ include 
"common.fullname" . }}-post-upgrade-deployment - defaultMode: 0777 - restartPolicy: OnFailure ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-delete - annotations: - "helm.sh/hook": "post-delete" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - spec: - containers: - - name: mariadb-job-post-delete - image: {{ .Values.global.kubectlImage}} - imagePullPolicy: IfNotPresent - command: ["/bin/bash", "-c", "--"] - args: - - for ((index=0;index<{{ $.Values.replicaCount }};index+=1)); - do kubectl delete pvc "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index"; - done; kubectl delete deployment {{ include "common.fullname" . }}-upgrade-deployment; - restartPolicy: OnFailure diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 4ccb0e5c6e..af08ea3d58 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -42,10 +42,7 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 - busyboxImage: busybox:1.30 - busyboxRepository: docker.io - # kubeclt image - kubectlImage: "bitnami/kubectl:1.15" + ################################################################# # Application configuration defaults. diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index b2fdb14b12..40254d469b 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh 
@@ -14,11 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +# make sure the script fails if any of commands failed +set -e + while read DB ; do USER_VAR="MYSQL_USER_${DB^^}" PASS_VAR="MYSQL_PASSWORD_${DB^^}" USER=${!USER_VAR} - PASS=${!PASS_VAR} + PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) echo "Creating database ${DB} and user ${USER}..." diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 65588b5f39..874d498284 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 name: onap version: 6.0.0 -appVersion: El Alto +appVersion: Frankfurt description: Open Network Automation Platform (ONAP) home: https://www.onap.org/ sources: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 2f42223452..1723ad5d39 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -53,16 +53,6 @@ global: # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co - # dockerHub main repository - dockerHubRepository: docker.io - - # busybox repo and image - busyboxRepository: docker.io - busyboxImage: busybox:1.30 - - # kubeclt image - kubectlImage: "bitnami/kubectl:1.15" - # image pull policy pullPolicy: Always diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index 39ac8a81ec..6925d772d1 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml 
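Review bot: The new `PASS=` line expands `${!PASS_VAR}` unquoted inside backticks, so a password containing whitespace or glob characters is word-split or expanded before `sed` sees it, and `echo -n` can misread a value that begins with a dash. Quote the expansion and use printf: `PASS=$(printf '%s' "${!PASS_VAR}" | sed -e "s/'/''/g")`. Doubling single quotes also leaves backslashes untouched, and MySQL/MariaDB treat a backslash as an escape character inside string literals unless NO_BACKSLASH_ESCAPES is set, so a password ending in `\` would still unbalance the quoted literal; the statement that consumes `PASS` is in the loop body outside this hunk and should be checked there. The added `set -e` does not see a failure on the left side of a pipeline, so `set -o pipefail` belongs next to it.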
@@ -68,6 +68,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index dc7a58d804..47597f08c2 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -54,6 +54,17 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. @@ -81,6 +92,9 @@ healthCheckRestClient: distribution: user: healthcheck password: zb!XztG34 +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index e1f699eccf..53f232af74 100644 
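Review bot: The added `certStores` block in pap/values.yaml ships `keyStorePassword: Pol1cy_0nap` and `trustStorePassword: Pol1cy_0nap` as chart defaults, so any deployment that does not override them protects its key material with a value published in this repository; the same block is added in the policy-api, policy-distribution and policy-xacml-pdp values.yaml hunks. `passwordPolicy: required` on the two new `secrets:` entries appears to be satisfied by that default, so nothing visible here forces an operator to supply their own. The stores presumably have to match a password baked into the image, so at minimum document the override next to the defaults, e.g. `# keyStorePasswordExternalSecret: <name of an existing Secret>` and `# trustStorePasswordExternalSecret: <name of an existing Secret>`, with a comment that the shipped values are placeholders.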
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml @@ -61,6 +61,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/api/bin/policy-api.sh"] args: ["/opt/app/policy/api/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index ba12db21de..00675399b4 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -40,6 +40,16 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -59,6 +69,9 @@ db: restServer: user: healthcheck password: zb!XztG34 +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap # default number of instances replicaCount: 1 
diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml index b3b017acd3..b0dbac9526 100644 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml @@ -53,6 +53,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] args: ["/opt/app/policy/distribution/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 73c9e99e61..dfed7648d4 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -45,6 +45,16 @@ secrets: login: '{{ .Values.sdcBe.user }}' password: '{{ .Values.sdcBe.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required ################################################################# # Global configuration defaults. 
@@ -78,6 +88,9 @@ papParameters: sdcBe: user: policy password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index bd126b810b..eb2c776f0d 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -63,6 +63,11 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index c9ced1fc13..e3feeab950 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml 
@@ -45,6 +45,16 @@ secrets: login: '{{ .Values.apiServer.user }}' password: '{{ .Values.apiServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -68,6 +78,9 @@ restServer: apiServer: user: healthcheck password: zb!XztG34 +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties index eff236a962..6d5afef190 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties index 944b63f4c2..fcb56e08c3 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties index b670d436c0..a03871d428 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties 
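Review bot: `sdnc.odl.url-base` is switched from `https://` to `http://` directly below `sdnc.odl.user=${ODL_USER}` and `sdnc.odl.password=${ODL_PASSWORD}`, so the listener would presumably send those ODL credentials and the RESTCONF operations unencrypted across the cluster network. The same downgrade is made in the dmaap-consumer-a1Adapter-policy.properties and dmaap-consumer-oofpcipoc.properties hunks. If this works around a certificate or port problem on sdnc-oam, say so in the file, e.g. `# NOTE: plain HTTP - ODL credentials are sent unencrypted; restore https once sdnc-oam serves TLS on this port`. Taking the scheme from a chart value with an https default would be better than hard-coding it in three files.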
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 AFT_DME2_EP_READ_TIMEOUT_MS=50000 sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=$(ODL_USER} +sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 5713b0918e..9fe8232532 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.3 +image: onap/sdnc-dmaap-listener-image:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index 749fe62459..fc93a6ea32 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml 
@@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.3 +image: onap/sdnc-ansible-server-image:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 029159d03f..f2ce269505 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.3 +image: onap/admportal-sdnc-image:1.8.4 config: dbFabricDB: mysql dbFabricUser: admin diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 2754ab274a..d9baeab11c 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.3 +image: onap/sdnc-ueb-listener-image:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 6001fab2c1..f16f3b1925 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -112,7 +112,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.3 +image: onap/sdnc-image:1.8.4 # flag to enable debugging - application support required diff --git a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml b/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml new file mode 100644 index 0000000000..ab2bad332a --- /dev/null 
+++ b/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: A Helm chart for so appc orchestrator +name: so-appc-orchestrator +version: 6.0.0 diff --git a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..c897f48e4a --- /dev/null +++ b/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml 
@@ -0,0 +1,57 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + ssl-enable: false +mso: + logPath: ./logs/soappcorch + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} + msoKey: {{ .Values.global.app.msoKey }} + config: + {{ if eq .Values.global.security.aaf.enabled true }} + cadi: {{ include "cadi.keys" . | nindent 8}} + {{- else }} + cadi: + aafId: {{ .Values.mso.basicUser }} + {{- end }} + workflow: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine + topics: + retryMultiplier: 1000 +appc: + client: + topic: + read: + name: {{ .Values.appc.client.topic.read.name }} + timeout: {{ .Values.appc.client.topic.read.timeout }} + write: {{ .Values.appc.client.topic.write }} + sdnc: + read: {{ .Values.appc.client.topic.sdnc.read }} + write: {{ .Values.appc.client.topic.sdnc.write }} + response: + timeout: {{ .Values.appc.client.response.timeout }} + key: {{ .Values.appc.client.key }} + secret: {{ .Values.appc.client.secret }} + service: ueb + poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904 +spring: + security: + usercredentials: + - + username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR 
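Review bot: `secret: {{ .Values.appc.client.secret }}` and `msoKey: {{ .Values.global.app.msoKey }}` are rendered as literal values into this file, which templates/configmap.yaml in the same commit loads into the `-app-configmap` ConfigMap, so both become readable by anyone who can read ConfigMaps in the namespace. The `spring.security.usercredentials` entry at the bottom of the file already shows the alternative: `password: ${ACTUATOR_PASSWORD}` is resolved from an environment variable that the deployment derives from a Secret. Doing the same here, e.g. `secret: ${<ENV_VAR_FED_FROM_SECRET>}` with a matching `secrets:` entry in values.yaml, keeps the value out of the ConfigMap. The templated scalars are also unquoted and `appc.client.*` is not defined in this chart's values.yaml, so an unset value would render as an empty (null) entry unless a parent chart supplies it.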
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml new file mode 100755 index 0000000000..8c0ee290ce --- /dev/null +++ b/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} 
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml new file mode 100644 index 0000000000..b9a39fe8c3 --- /dev/null +++ b/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml 
@@ -0,0 +1,83 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - name: {{ include "common.name" . }}-pass-encoder + command: + - sh + args: + {{/* bcrypt plain text and convert to OpenBSD variant using sed */}} + - -c + - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded; + env: + - name: ACTUATOR_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }} + image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: encoder + mountPath: /tmp/app + containers: + - name: {{ include "common.name" . 
}} + command: + - sh + args: + - -c + - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: encoder + mountPath: /tmp/app + - name: config + mountPath: /app/config + readOnly: true +{{ include "helpers.livenessProbe" .| indent 8 }} + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: encoder + emptyDir: + medium: Memory + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml 
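Review bot: In the `-pass-encoder` init container the exit status of `htpasswd ... | tr -d ':\n' | sed ... 1>/tmp/app/encoded;` is that of `sed`, so if `htpasswd` fails the container still succeeds and leaves an empty `/tmp/app/encoded`; the main container then exports an empty `ACTUATOR_PASSWORD` and starts. Fail the init container when no hash was produced by appending a check: `... 1>/tmp/app/encoded; test -s /tmp/app/encoded`. `-b` also places the plain-text password on the `htpasswd` command line, whereas `htpasswd -i` reads it from standard input.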
@@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml new file mode 100644 index 0000000000..fc3e2879ce --- /dev/null +++ b/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/charts/so-appc-orchestrator/values.yaml new file mode 100644 index 0000000000..f10873d66b --- /dev/null +++ b/kubernetes/so/charts/so-appc-orchestrator/values.yaml 
@@ -0,0 +1,125 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# + +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs + htpasswdImage: xmartlabs/htpasswd + dockerHubRepository: docker.io +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + - uid: server-actuator-creds + name: '{{ include "common.release" . 
}}-so-appc-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-appc-orchestrator:1.6.0 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + actuator: + username: mso_admin + password: password1$ +replicaCount: 1 +minReadySeconds: 10 +containerPort: 8080 +logPath: ./logs/soappcorch +app: appc-orchestrator +service: + name: so-appc-orchestrator + type: ClusterIP + ports: + - port: 8080 + name: http +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index b73032e0b7..775df5ecc0 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml 
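Review bot: The new so-appc-orchestrator values.yaml ships usable default credentials (`userPassword: so_User123`, `adminPassword: so_Admin123` and the actuator `password: password1$`), so the `passwordPolicy: required` entries in the `secrets:` list are always satisfied by publicly known values. A deployment that overrides nothing therefore runs its database accounts and the `/manage` actuator login on passwords anyone can read in this repository. I would drop the literals from the chart defaults, e.g. `userPassword: ''` with the comment `# set via override or userCredsExternalSecret; no default on purpose`, and do the same for `adminPassword` and `server.actuator.password`. Rendering should then fail until a value or an external secret is supplied, though that depends on the common secret template, which is not visible in this hunk.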
@@ -57,7 +57,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.6.3 +image: onap/so/bpmn-infra:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index a66a869fb1..9aa9c98fbc 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -54,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.6.3 +image: onap/so/catalog-db-adapter:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index fc91ee2abc..27fba13521 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -57,7 +57,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.6.3 +image: onap/so/so-monitoring:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/charts/so-nssmf-adapter/values.yaml index 8a0d4e4386..43d757ea38 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/charts/so-nssmf-adapter/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/nssmf-adapter:1.6.3 +image: onap/so/nssmf-adapter:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 9f50806ede..cf86817ff8 100755 
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -51,7 +51,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.6.3 +image: onap/so/openstack-adapter:1.6.4 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index e79b57c5f9..107b7cde0c 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.6.3 +image: onap/so/request-db-adapter:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index ee4b5f965d..a477678c1b 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.6.3 +image: onap/so/sdc-controller:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index 9337721ac0..c4c0b3c300 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml 
@@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.6.3 +image: onap/so/sdnc-adapter:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differindex 9ebe9a8041..31ea6ba650 100644 --- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks +++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml index 69c877a228..65e11b41c8 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -37,7 +37,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/ve-vnfm-adapter:1.6.3 +image: onap/so/ve-vnfm-adapter:1.6.4 pullPolicy: Always replicaCount: 1 service: diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index 9128a5205e..85aeef9b5c 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.6.3 +image: onap/so/vfc-adapter:1.6.4 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index 1166eab0c4..4128bc36ee 100755 
--- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -55,11 +55,11 @@ etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} endpoint: https://msb-iag:443/api/vnfpkgm/v1 - http: - client: - ssl: - trust-store: ${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 {{- end }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 7547096842..0454892119 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -40,7 +40,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.6.3 +image: onap/so/vnfm-adapter:1.6.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index bc7cba36cd..bc7ff5cb92 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -137,7 +137,7 @@ dbCreds: adminName: so_admin repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.6.3 +image: onap/so/api-handler-infra:1.6.4 pullPolicy: Always replicaCount: 1 minReadySeconds: 10 
@@ -457,3 +457,35 @@ so-mariadb: backupCredsExternalSecret: *dbBackupCredsSecretName userCredsExternalSecret: *dbUserCredsSecretName adminCredsExternalSecret: *dbAdminCredsSecretName +so-appc-orchestrator: + certSecret: *so-certs + db: + <<: *dbSecrets + mso: + basicUser: poBpmn + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.openStackAdapterPerm + noAuthn: /manage/health + appc: + client: + topic: + read: + name: APPC-LCM-WRITE + timeout: 360000 + write: APPC-LCM-READ + sdnc: + read: SDNC-LCM-WRITE + write: SDNC-LCM-READ + response: + timeout: 3600000 + key: VIlbtVl6YLhNUrtU + secret: 64AG2hF4pYeG2pq7CT6XwUOT + service: ueb + auth: + rest: + aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 |
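Review bot: The added `so-appc-orchestrator:` block puts secret material directly into the parent chart's values: `mso.auth`, `aafPassword`, the `key` and `secret` values listed after `response:`, and `auth.rest.aaf` with `aafEncrypted`. `auth.rest.aaf` is a Basic header, which is base64 encoding rather than encryption, so the credential is readable by anyone with access to the repository or to the rendered ConfigMap. The encoded value also decodes with a trailing newline, which suggests it was generated with `echo` instead of `printf '%s'` and may not match what the peer expects. These values would be better routed through the subchart's `secrets:` metaconfig with an `externalSecret` override, as `db` appears to be through `<<: *dbSecrets`. Until then, each one should carry a comment such as `# demo credential only; override via externalSecret outside lab deployments`.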