diff options
Diffstat (limited to 'kubernetes')
24 files changed, 99 insertions, 48 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 32bba457ee..b1e85c00cc 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -84,12 +84,19 @@ env: - name: APP_FQI value: "{{ $initRoot.fqi }}" + {{- if $initRoot.aaf_namespace }} - name: aaf_locate_url - value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" + value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095" + - name: aaf_locator_container_ns + value: "{{ $initRoot.aaf_namespace }}" + {{- else }} + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095" - name: aaf_locator_container_ns value: "{{ $dot.Release.Namespace }}" + {{- end }} + - name: aaf_locator_container + value: "oom" - name: aaf_locator_fqdn value: "{{ $initRoot.fqdn }}" - name: aaf_locator_app_ns @@ -183,7 +190,7 @@ {{- define "common.certInitializer._volumes" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}} - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} emptyDir: medium: Memory diff --git a/kubernetes/common/common/templates/_utils.tpl b/kubernetes/common/common/templates/_utils.tpl index ece786f49f..52826c2bd2 100644 --- a/kubernetes/common/common/templates/_utils.tpl +++ b/kubernetes/common/common/templates/_utils.tpl @@ -36,6 +36,5 @@ Usage: {{- define "common.subChartDot" }} {{- $initRoot := .initRoot }} {{- $dot := .dot }} -{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} -{{ mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) | toJson }} +{{ mergeOverwrite (deepCopy (omit $dot "Values" "Chart")) (dict "Chart" (set (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Version" $dot.Chart.Version) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) | toJson }} {{- end -}} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index bc9273f41f..769c9b7946 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -50,7 +50,7 @@ global: clusterDomain: cluster.local metrics: {} -image: bitnami/mariadb-galera:10.5.8 +image: bitnami/mariadb-galera:10.6.5 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 11602054e8..e156db27db 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -39,6 +39,23 @@ spec: {{ include "common.podSecurityContext" . | indent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /data containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -72,7 +89,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mongo + mountPath: /data/db resources: {{ include "common.resources" . | nindent 12 }} {{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index ee1d8c72fa..caab71890d 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# -image: library/mongo:4.0.8 +image: library/mongo:4.4.10 pullPolicy: Always # application configuration diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 71201a1cc6..90c278e4c5 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -83,10 +83,14 @@ {{- end }} env: - name: NAMESPACE + {{- if $subchartDot.Values.namespace }} + value: {{ $subchartDot.Values.namespace }} + {{- else }} valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- end }} resources: limits: cpu: {{ $subchartDot.Values.limits.cpu }} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index e2fe1ffbdb..e36ad4904c 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -24,15 +24,15 @@ global: # common global images busyboxImage: busybox:1.32 - curlImage: curlimages/curl:7.69.1 + curlImage: curlimages/curl:7.80.0 envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest jettyImage: jetty:9-jdk11-slim - jreImage: onap/integration-java11:7.1.0 + jreImage: onap/integration-java11:10.0.0 kubectlImage: bitnami/kubectl:1.19 loggingImage: beats/filebeat:5.5.0 - mariadbImage: bitnami/mariadb:10.5.8 + mariadbImage: bitnami/mariadb:10.6.5 nginxImage: bitnami/nginx:1.18-debian-10 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index aac0f4b3a9..5ba7d2977a 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -229,10 +229,12 @@ policies: {{- $policy := default dict .Values.policies -}} {{- $policyRls := default $commonRelease $policy.policyRelease -}} {{- $drFeedConfig := default "" .Values.drFeedConfig -}} - +{{- $dcaeName := print (include "common.fullname" .) }} +{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}} +{{- $dot := . -}} apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }} spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml index 2b3ab328b5..4a51c7f9d8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml @@ -59,6 +59,8 @@ spec: value: {{ include "common.namespace" . }} - name: HELM_RELEASE value: {{ include "common.release" . }} + - name: DEPLOY_LABEL + value: {{ .Values.deployLabel }} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml index 58ae706e0a..3b47e7f70e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml @@ -31,6 +31,11 @@ service: - port: 8080 name: http +# Label on DCAE microservice deployments +# (Used by healthcheck code to find deployments +# created after initial DCAE installation) +deployLabel: dcaeMicroserviceName + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -43,7 +48,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 1e60d24d7a..54dcda831e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -38,6 +38,11 @@ secrets: login: '{{ .Values.aafCreds.identity }}' password: '{{ .Values.aafCreds.password }}' passwordPolicy: required + - uid: &cpsCredsUID cpscreds + type: basicAuth + login: '{{ .Values.cpsCreds.identity }}' + password: '{{ .Values.cpsCreds.password }}' + passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds' type: basicAuth @@ -70,7 +75,7 @@ certDirectory: /opt/app/sonhms/etc/certs # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Policy configuraiton properties # if present, policy-sync side car will be deployed @@ -92,7 +97,7 @@ readiness: periodSeconds: 15 timeoutSeconds: 1 path: /healthcheck - scheme: HTTPS + scheme: HTTP port: 8080 # Service Configuration @@ -108,6 +113,9 @@ service: aafCreds: identity: dcae@dcae.onap.org password: demo123456! +cpsCreds: + identity: cps + password: cpsr0cks! credentials: - name: AAF_IDENTITY @@ -116,6 +124,12 @@ credentials: - name: AAF_PASSWORD uid: *aafCredsUID key: password +- name: CPS_IDENTITY + uid: *cpsCredsUID + key: login +- name: CPS_PASSWORD + uid: *cpsCredsUID + key: password - name: PG_USERNAME uid: *pgUserCredsSecretUid key: login @@ -130,6 +144,8 @@ applicationConfig: postgres.port: 5432 postgres.username: ${PG_USERNAME} postgres.password: ${PG_PASSWORD} + cps.username: ${CPS_IDENTITY} + cps.password: ${CPS_PASSWORD} sonhandler.pollingInterval: 20 sonhandler.pollingTimeout: 60 cbsPollingInterval: 60 @@ -145,6 +161,12 @@ applicationConfig: sonhandler.bufferTime: 60 sonhandler.cg: sonhms-cg sonhandler.cid: sonhms-cid + sonhandler.clientType: cps + cps.service.url: http://cps-tbdmt:8080 + cps.get.celldata: execute/cps-ran-schemaset/get-cell-data + cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list + cps.get.pci.url: execute/ran-network-schemaset/get-pci + cps.get.pnf.url: execute/ran-network-schemaset/get-pnf sonhandler.configDb.service: http://configdb:8080 sonhandler.oof.service: https://oof-osdf:8698 sonhandler.oof.endpoint: /api/oof/v1/pci diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index 8134e0df9d..67312d73a0 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -42,7 +42,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index bbc72a5b08..73661ac843 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -42,7 +42,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql index 81998453e4..e5eecb1a5a 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql +++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql @@ -22,12 +22,10 @@ CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN; \encoding UTF8; -/******************DELETE OLD TABLE AND CREATE NEW***************************/ +/******************CREATE NEW TABLE***************************/ \c ${DB_NAME}; -DROP TABLE IF EXISTS ALARM_INFO; - -CREATE TABLE ALARM_INFO ( +CREATE TABLE IF NOT EXISTS ALARM_INFO ( EVENTID VARCHAR(150) NOT NULL, EVENTNAME VARCHAR(150) NOT NULL, ALARMISCLEARED SMALLINT NOT NULL, @@ -36,7 +34,8 @@ CREATE TABLE ALARM_INFO ( LASTEPOCHMICROSEC BIGINT NOT NULL, SOURCEID VARCHAR(150) NOT NULL, SOURCENAME VARCHAR(150) NOT NULL, - PRIMARY KEY (EVENTID) + SEQUENCE SMALLINT NOT NULL, + PRIMARY KEY (EVENTID, SEQUENCE, SOURCENAME) ); CREATE TABLE IF NOT EXISTS ENGINE_ENTITY ( diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 133e59fb01..1b6099a0cd 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -81,7 +81,7 @@ global: busyboxImage: busybox:1.32 # curl image - curlImage: curlimages/curl:7.69.1 + curlImage: curlimages/curl:7.80.0 # env substitution image envsubstImage: dibi/envsubst:1 @@ -97,7 +97,7 @@ global: loggingImage: beats/filebeat:5.5.0 # mariadb client image - mariadbImage: bitnami/mariadb:10.5.8 + mariadbImage: bitnami/mariadb:10.6.5 # nginx server image nginxImage: bitnami/nginx:1.18-debian-10 @@ -112,7 +112,7 @@ global: pullPolicy: Always # default java image - jreImage: onap/integration-java11:7.2.0 + jreImage: onap/integration-java11:10.0.0 # default clusterName # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 26ed0a77eb..43ec1d7e62 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -93,7 +93,7 @@ db: internalPort: 3306 restServer: - user: healthcheck + user: policyadmin password: none # default number of instances diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index aa9870ae41..cd6c6faa03 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -53,10 +53,10 @@ clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-p # # Configuration Settings for Policy Engine Components clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969 -clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.userName=policyadmin clamp.config.policy.api.password=zb!XztG34 clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969 -clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.userName=policyadmin clamp.config.policy.pap.password=zb!XztG34 #DCAE Inventory Url Properties diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml index 791b785502..a831da8df4 100644 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml @@ -89,10 +89,10 @@ replicaCount: 1 # application configuration restServer: api: - user: healthcheck + user: policyadmin password: none pap: - user: healthcheck + user: policyadmin password: none nodeSelector: {} diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 2d80fbb216..ef676bb2c4 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -79,10 +79,10 @@ restServer: user: healthcheck password: zb!XztG34 apiParameters: - user: healthcheck + user: policyadmin password: zb!XztG34 papParameters: - user: healthcheck + user: policyadmin password: zb!XztG34 sdcBe: user: policy diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index fa0fda80e1..4d7c0f2fac 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -124,7 +124,7 @@ db: password: policy_user pap: - user: healthcheck + user: policyadmin password: zb!XztG34 pdp: diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index d7135524d3..e7db99e2c6 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -108,12 +108,12 @@ db: internalPort: 3306 restServer: - user: healthcheck + user: policyadmin password: none healthCheckRestClient: api: - user: healthcheck + user: policyadmin password: none distribution: user: healthcheck diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 7c2d1b13a8..2007ab29c6 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -103,7 +103,7 @@ restServer: password: zb!XztG34 apiServer: - user: healthcheck + user: policyadmin password: zb!XztG34 # default number of instances diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 5204aa7568..851c8957ae 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -183,9 +183,9 @@ mariadb-galera: nameOverride: *policy-mariadb restServer: - policyPapUserName: healthcheck + policyPapUserName: policyadmin policyPapUserPassword: zb!XztG34 - policyApiUserName: healthcheck + policyApiUserName: policyadmin policyApiUserPassword: zb!XztG34 # Resource Limit flavor -By Default using small diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index fe496bc47d..ddaf099bdf 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -50,13 +50,6 @@ file_env() { unset "$fileVar" } -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} # usage: docker_process_init_files [file [file [...]]] # ie: docker_process_init_files /always-initdb.d/* @@ -378,6 +371,7 @@ _main() { } # If we are sourced from elsewhere, don't perform any further actions -if ! _is_sourced; then +# https://stackoverflow.com/questions/2683279/how-to-detect-if-a-script-is-being-sourced/2942183#2942183 +if [ "$(basename $0)" = "docker-entrypoint.sh" ]; then _main "$@" fi |