diff options
Diffstat (limited to 'kubernetes')
221 files changed, 2522 insertions, 357 deletions
diff --git a/kubernetes/aaf/Makefile b/kubernetes/aaf/Makefile new file mode 100644 index 0000000000..9396001ebc --- /dev/null +++ b/kubernetes/aaf/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile new file mode 100644 index 0000000000..2fc0cbe4ab --- /dev/null +++ b/kubernetes/aaf/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/charts/aaf-cass/.helmignore b/kubernetes/aaf/components/aaf-cass/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/aaf/charts/aaf-cass/.helmignore +++ b/kubernetes/aaf/components/aaf-cass/.helmignore diff --git a/kubernetes/aaf/charts/aaf-cass/Chart.yaml b/kubernetes/aaf/components/aaf-cass/Chart.yaml index 42b4076689..42b4076689 100644 --- a/kubernetes/aaf/charts/aaf-cass/Chart.yaml +++ b/kubernetes/aaf/components/aaf-cass/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index 309a9f38c6..309a9f38c6 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml index 187e9b75de..187e9b75de 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml index e56c98751c..e56c98751c 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/components/aaf-cass/templates/service.yaml index 8f80ee12a2..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml index 3d9f21e297..c5e5811fd1 100644 --- a/kubernetes/aaf/charts/aaf-cass/values.yaml +++ b/kubernetes/aaf/components/aaf-cass/values.yaml @@ -12,6 +12,25 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" flavor: small @@ -34,7 +53,7 @@ liveness: enabled: true port: tcp-cql -image: onap/aaf/aaf_cass:2.1.20 +image: onap/aaf/aaf_cass:2.1.23 config: cluster_name: osaaf diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/aaf/components/aaf-cert-service/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml new file mode 100644 index 0000000000..525b2ac4b6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Cert Service +name: aaf-cert-service +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differnew file mode 100644 index 0000000000..d32eb887e5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differnew file mode 100644 index 0000000000..c8f4e9cfaf --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differnew file mode 100644 index 0000000000..f6cf008c24 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json new file mode 100644 index 0000000000..358f2a82c7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json @@ -0,0 +1,3 @@ +{ + "cmpv2Servers": [] +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt new file mode 100644 index 0000000000..41c34cd18c --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFnjCCA4agAwIBAgIEME0OlzANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
+UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
+MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
+AxMIb25hcC5vcmcwHhcNMjAwNzA4MTIzMjM4WhcNMjEwNzA4MTIzMjM4WjB3MQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
+YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
+UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCSOtWaxbK6xUflOCynK93ukBJ00PwxJ4MuuXUuJNr9bnf2gsHnGrfwTftW
+ktqutTC0DquXxVM6WsoxQZQ0fBcxOFFeptWzMOwgZLmVu0AwyY6uu26s8GEYDQh+
+artB9ojCSe5m/4r6vaUB69/wt33rIY0qykkXOZ88sIoRrFBbdRGO7XmIeTOayg4N
+LmtvsbRh5QZpxYYcdjzkabZOhcO68KEVvbTWiDA4s67wircH+KrImPfsx1LZ1IHB
+y7LM/p8fb5ELQCaOT+F+cqUsXrRih2s4paVJuNbxyRsEMG8H0L/8/jWLzfS+Vf19
+SjATd54wTOvzpIYlOePtkuTNaZS+5k+FSWMkLTc/I6Fu/qp1mQfQBZoiWtlth8Wr
+695B3mdJke1Up++HByz5OyVq5rkAO8TbqqsMqnyZxPfg2x+SXu2BghugB+A+uWum
+hciSiSMjMEyrGy8Fc8gkKm3zwpEufQ+GijP0JyC3Cl5A36JsFBugsy1DZqUXAqZ1
+LEHuDvJ08HgXcdZA9m8NmRsahYkfAIuSaTxo7NCmpbEJ91VmZsQXxM0pQSbBMXUJ
+I51inIDeScdyooamQWKDoFqeMfnLo0g53xbdS14jNj3aNC1zAoMIxvx9eoEwEqvQ
+Cb2LhAyOqbbwYXvwolDw5C2lgiMF2n9GhtOxVB+oXO/+6FC4sQIDAQABozIwMDAd
+BgNVHQ4EFgQUZnohC3x+LwsiB8Qwx2wssx7qNxgwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQwFAAOCAgEAUDcyvn1EcR6gULjX10sjYbnBej/dcyQy9sMgs9bz
+7ypJ6RTUOujBHBx7OIuIpLLVSow4pCJiM9Qxn/DSlWA/G1YK1g3/BdtNDhiOy+Bw
+SkofSJ+HY8ljDWXlONHvSH0gXEqm4MBoV1nOSHNXyYA4ITtX98UsN0xx4T531o06
+X8IPagCz2DHPMYVxyjJdWhl9VEWo9BmOmxkXXjAEn93ege/WJ/23GAyEyrAlWgiC
+glrvGWQy90PNMS+Z7JfMcHEn76d0Am9goIkhg+jGQwUlPCUxFzaWdH5903S6qQqI
+B1X1YGCKWcM5h9DetUdNqS4sv/msVzG3h5Z3UzXDNIKibH04B0ibeybrq+OHIxbS
+GAXYIScGEqrldG2FTC/C0ybg9juOxrrThrjas2rmvXpLRbbhoYl0LZS7+ZSXT3+a
+pFC1FXJyy45Uf0ulBB4vEeO8CQbSrPKus+H65+dJsrvi3yX7SuCLr6Ob7aLvJmQk
+h1fiXGeHnD5oMtGksC9cXdym62ec7VRvX+KiD6BBNOfuo/3bi7Dz3xzsjQc8O4bz
+hb7oLHHUwRkzT9DmQT9l3+vohnzlxf+G+/8FXwjZh+/2PzbDfRrmAIp8sZYWv1Q1
+OMh02nlLk2xq9fAgER0xKWnIsPdjQo3tP3fREmOYtHNvlZzyBswZ6PfOLC/fW3BH
+WO8= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json new file mode 100644 index 0000000000..06e1087f60 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json @@ -0,0 +1,24 @@ +{ + "cmpv2Servers": [ + { + "caName": "CLIENT", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", + "issuerDN": "CN=ManagementCA", + "caMode": "CLIENT", + "authentication": { + "iak": "${CLIENT_IAK}", + "rv": "${CLIENT_RV}" + } + }, + { + "caName": "RA", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=ManagementCA", + "caMode": "RA", + "authentication": { + "iak": "${RA_IAK}", + "rv": "${RA_RV}" + } + } + ] +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differnew file mode 100644 index 0000000000..4dd41f287a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml new file mode 100644 index 0000000000..a44066461b --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml @@ -0,0 +1,123 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: +{{- if .Values.global.addTestingComponents }} + - name: cmp-servers-template-volume + secret: + secretName: {{ .Values.cmpServers.secret.name }} + - name: {{ .Values.cmpServers.volume.name }} + emptyDir: + medium: Memory +{{- else }} + - name: {{ .Values.cmpServers.volume.name }} + secret: + secretName: {{ .Values.cmpServers.secret.name }} +{{- end }} + - name: {{ .Values.tls.server.volume.name }} + secret: + secretName: {{ .Values.tls.server.secret.name }} +{{- if .Values.global.addTestingComponents }} + initContainers: + - name: wait-for-ejbca + command: + - /root/ready.py + args: + - --container-name + - ejbca-ejbca + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - name: subsitute-envs + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] + volumeMounts: + - name: cmp-servers-template-volume + mountPath: /config-input + readOnly: true + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + env: + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }} + - name: CLIENT_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }} + - name: RA_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }} +{{- end }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: HTTPS_PORT + value: "{{ .Values.envs.httpsPort }}" + - name: KEYSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}" + - name: KEYSTORE_P12_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}" + - name: TRUSTSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}" + - name: ROOT_CERT + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}" + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }} + livenessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.liveness.command }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.readiness.command }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + - name: {{ .Values.tls.server.volume.name }} + mountPath: {{ .Values.tls.server.volume.mountPath }} + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} +{{ end -}} diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml new file mode 100644 index 0000000000..ac92f56487 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml @@ -0,0 +1,56 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +{{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.cmpServers.secret.name }} +type: Opaque +data: +{{ if .Values.global.addTestingComponents }} + {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }} +{{ else }} + {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }} +{{ end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} +type: Opaque +data: + certServiceClient-keystore.jks: + {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tls.server.secret.name }} +type: Opaque +data: + certServiceServer-keystore.jks: + {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }} + certServiceServer-keystore.p12: + {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} + root.crt: + {{ (.Files.Glob "resources/root.crt").AsSecrets }} +{{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml new file mode 100644 index 0000000000..60e2afa41d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.global.cmpv2Enabled }} + {{ include "common.service" . }} +{{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/aaf/components/aaf-cert-service/values.yaml new file mode 100644 index 0000000000..ad4b7c459b --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/values.yaml @@ -0,0 +1,160 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + envsubstImage: dibi/envsubst + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + +# Service configuration +service: + type: ClusterIP + ports: + - name: http + port: 8443 + port_protocol: http + + +# Deployment configuration +repository: nexus3.onap.org:10001 +image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.1.0 +pullPolicy: Always +replicaCount: 1 + +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD +readiness: + initialDelaySeconds: 30 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD + +flavor: small +resources: + small: + limits: + cpu: 0.5 + memory: 1Gi + requests: + cpu: 0.2 + memory: 512Mi + large: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 0.4 + memory: 1Gi + unlimited: {} + + +# Application configuration +cmpServers: + secret: + name: aaf-cert-service-secret + volume: + name: aaf-cert-service-volume + mountPath: /etc/onap/aaf/certservice + +tls: + server: + secret: + name: aaf-cert-service-server-tls-secret + volume: + name: aaf-cert-service-server-tls-volume + mountPath: /etc/onap/aaf/certservice/certs/ + client: + secret: + defaultName: aaf-cert-service-client-tls-secret + +envs: + keystore: + jksName: certServiceServer-keystore.jks + p12Name: certServiceServer-keystore.p12 + truststore: + jksName: truststore.jks + crtName: root.crt + httpsPort: 8443 + +# External secrets with credentials can be provided to override default credentials defined below, +# by uncommenting and filling appropriate *ExternalSecret value +credentials: + tls: + keystorePassword: secret + truststorePassword: secret + #keystorePasswordExternalSecret: + #truststorePasswordExternalSecret: + # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled + cmp: + #clientIakExternalSecret: + #clientRvExternalSecret: + #raIakExternalSecret: + #raRvExternalSecret: + client: {} + # iak: mypassword + # rv: unused + ra: {} + # iak: mypassword + # rv: unused + +secrets: + - uid: keystore-password + name: '{{ include "common.release" . }}-keystore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.keystorePassword }}' + passwordPolicy: required + - uid: truststore-password + name: '{{ include "common.release" . }}-truststore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.truststorePassword }}' + passwordPolicy: required + # Below values are relevant only if global addTestingComponents flag is enabled + - uid: ejbca-server-client-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.iak }}' + - uid: cmp-config-client-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.rv }}' + - uid: ejbca-server-ra-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.iak }}' + - uid: cmp-config-ra-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.rv }}' diff --git a/kubernetes/aaf/charts/aaf-cm/.helmignore b/kubernetes/aaf/components/aaf-cm/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/aaf/charts/aaf-cm/.helmignore +++ b/kubernetes/aaf/components/aaf-cm/.helmignore diff --git a/kubernetes/aaf/charts/aaf-cm/Chart.yaml b/kubernetes/aaf/components/aaf-cm/Chart.yaml index ed453f7ac7..ed453f7ac7 100644 --- a/kubernetes/aaf/charts/aaf-cm/Chart.yaml +++ b/kubernetes/aaf/components/aaf-cm/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml index 5074c8bc08..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/components/aaf-cm/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-cm/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml index c391369db6..0997c7db41 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/components/aaf-cm/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-fs/.helmignore b/kubernetes/aaf/components/aaf-fs/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-fs/.helmignore +++ b/kubernetes/aaf/components/aaf-fs/.helmignore diff --git a/kubernetes/aaf/charts/aaf-fs/Chart.yaml b/kubernetes/aaf/components/aaf-fs/Chart.yaml index 211c4c28de..211c4c28de 100644 --- a/kubernetes/aaf/charts/aaf-fs/Chart.yaml +++ b/kubernetes/aaf/components/aaf-fs/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml index c36750809c..c36750809c 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/components/aaf-fs/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-fs/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml index 6ddc07278b..9bffb95724 100644 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ b/kubernetes/aaf/components/aaf-fs/values.yaml @@ -13,6 +13,30 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-gui/.helmignore b/kubernetes/aaf/components/aaf-gui/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-gui/.helmignore +++ b/kubernetes/aaf/components/aaf-gui/.helmignore diff --git a/kubernetes/aaf/charts/aaf-gui/Chart.yaml b/kubernetes/aaf/components/aaf-gui/Chart.yaml index 7e81a70759..7e81a70759 100644 --- a/kubernetes/aaf/charts/aaf-gui/Chart.yaml +++ b/kubernetes/aaf/components/aaf-gui/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml index c36750809c..c36750809c 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/components/aaf-gui/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-gui/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml index f418fd5b41..8639d6c0f0 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/components/aaf-gui/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,30 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + flavor: small ################################################################# # Application configuration defaults. diff --git a/kubernetes/aaf/charts/aaf-hello/.helmignore b/kubernetes/aaf/components/aaf-hello/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-hello/.helmignore +++ b/kubernetes/aaf/components/aaf-hello/.helmignore diff --git a/kubernetes/aaf/charts/aaf-hello/Chart.yaml b/kubernetes/aaf/components/aaf-hello/Chart.yaml index 71b3242558..71b3242558 100644 --- a/kubernetes/aaf/charts/aaf-hello/Chart.yaml +++ b/kubernetes/aaf/components/aaf-hello/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt index ef4d8e7d23..ef4d8e7d23 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml index 891b829f43..891b829f43 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml index f8c32e0670..f8c32e0670 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/components/aaf-hello/templates/service.yaml index 8f80ee12a2..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/components/aaf-hello/values.yaml index aeb659082d..df3abec67c 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/components/aaf-hello/values.yaml @@ -41,7 +41,7 @@ aaf_init: replicaCount: 0 -image: onap/aaf/aaf_hello:2.1.20 +image: onap/aaf/aaf_hello:2.1.23 service: name: aaf-hello diff --git a/kubernetes/aaf/charts/aaf-locate/.helmignore b/kubernetes/aaf/components/aaf-locate/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-locate/.helmignore +++ b/kubernetes/aaf/components/aaf-locate/.helmignore diff --git a/kubernetes/aaf/charts/aaf-locate/Chart.yaml b/kubernetes/aaf/components/aaf-locate/Chart.yaml index 3133191280..3133191280 100644 --- a/kubernetes/aaf/charts/aaf-locate/Chart.yaml +++ b/kubernetes/aaf/components/aaf-locate/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml index 5074c8bc08..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml index 1b33c1f8d1..1b33c1f8d1 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/components/aaf-locate/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-locate/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml index 01a5ab158a..7bcf10dabb 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/components/aaf-locate/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# # Application configuration defaults. diff --git a/kubernetes/aaf/charts/aaf-oauth/.helmignore b/kubernetes/aaf/components/aaf-oauth/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-oauth/.helmignore +++ b/kubernetes/aaf/components/aaf-oauth/.helmignore diff --git a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml b/kubernetes/aaf/components/aaf-oauth/Chart.yaml index a64a17c7b1..a64a17c7b1 100644 --- a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml +++ b/kubernetes/aaf/components/aaf-oauth/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml index 5074c8bc08..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml index 1b33c1f8d1..1b33c1f8d1 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml index 7604b86393..8771041778 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/components/aaf-oauth/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-service/.helmignore b/kubernetes/aaf/components/aaf-service/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-service/.helmignore +++ b/kubernetes/aaf/components/aaf-service/.helmignore diff --git a/kubernetes/aaf/charts/aaf-service/Chart.yaml b/kubernetes/aaf/components/aaf-service/Chart.yaml index 187e33ac6f..187e33ac6f 100644 --- a/kubernetes/aaf/charts/aaf-service/Chart.yaml +++ b/kubernetes/aaf/components/aaf-service/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml index 5074c8bc08..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/components/aaf-service/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml index c2d96032cc..d924bb4f54 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/components/aaf-service/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-sms/Chart.yaml b/kubernetes/aaf/components/aaf-sms/Chart.yaml index 557894f456..557894f456 100644 --- a/kubernetes/aaf/charts/aaf-sms/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml index 2dc3d49b66..2dc3d49b66 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json index 3a43f00019..3a43f00019 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml index 02f1080f29..02f1080f29 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml index d855ae6fdf..d855ae6fdf 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml index 1c6cc933f5..1c6cc933f5 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml index 1459624536..1459624536 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml index 074958ff70..074958ff70 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml index 2c70c23e03..2c70c23e03 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml index d855ae6fdf..d855ae6fdf 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml index a3a7591b02..a3a7591b02 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml index 4023106091..4023106091 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml index 7787f0b85d..7787f0b85d 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml new file mode 100644 index 0000000000..7152c37ff0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..7939846bf0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json index 679b5189de..679b5189de 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json index add0808701..add0808701 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json diff --git a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml index a74fe277b7..a74fe277b7 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml index 6113c0d5c8..bb409f33c5 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml @@ -31,8 +31,25 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: - - name: fix-permission + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} + # Currently intermediate certificate is not given by AAF CM so we need + # to give it "by hand" + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-add-intermediate-cert + command: + - /bin/sh + args: + - -c + - | + cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + - mountPath: /int-certs + name: {{ include "common.fullname" . }}-int-certs + readOnly: true + {{- end }} + - name: {{ include "common.fullname" . }}-fix-permission command: - /bin/sh args: @@ -85,7 +102,7 @@ spec: path: /v1/sms/quorum/status initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -104,13 +121,18 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - name : {{ include "common.name" . }} configMap: name: {{ include "common.fullname" . }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-int-certs + secret: + secretName: {{ include "common.fullname" . }}-int-certs + {{- end }} - name: {{ include "common.fullname" . }}-auth {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index bb145ef3f8..315d068676 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -32,7 +32,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - sh args: @@ -163,7 +163,7 @@ spec: command: - "/sms/bin/preload" - "-cacert" - - "/sms/certs/aaf_root_ca.cer" + - "{{ .Values.certInitializer.mountPath }}/local/{{ .Values.certInitializer.root_ca_name }}" - "-jsondir" - "/preload/config" - "-serviceport" @@ -171,7 +171,7 @@ spec: - "-serviceurl" - "https://aaf-sms.{{ include "common.namespace" . }}" workingDir: /sms - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -187,7 +187,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml index d06131feb5..d06131feb5 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml index c46d50607c..c46d50607c 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml diff --git a/kubernetes/aaf/components/aaf-sms/templates/secret.yaml b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..7a0213f16c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml @@ -0,0 +1,32 @@ +{{/* +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} +--- +{{- if .Values.global.aafEnabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-int-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/templates/service.yaml index 9c94202fe3..9c94202fe3 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index 7e0aa5c282..dccf57ca96 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -1,5 +1,5 @@ # Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,8 +22,38 @@ global: loggingImage: beats/filebeat:5.5.0 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true flavor: small + +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: aaf-sms-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aaf-sms + fqi: aaf-sms@aaf-sms.onap.org + public_fqdn: aaf-sms.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + mountPath: /opt/app/osaaf + keystore: truststoreONAPall.jks + keystore_pass: changeit + root_ca_alias: onaptestca + root_ca_name: aaf_root_ca.cer + permission_user: 1000 + permission_group: 1000 + aaf_add_config: > + cd {{ .Values.mountPath }}/local; + keytool -exportcert -rfc -file {{ .Values.root_ca_name }} -keystore {{ .Values.keystore }} + -alias {{ .Values.root_ca_alias }} -storepass {{ .Values.keystore_pass }}; + chown -R {{.Values.permission_user}}:{{.Values.permission_group}} + {{ .Values.mountPath }}; + ################################################################# # Application configuration defaults. ################################################################# @@ -39,9 +69,9 @@ debugEnabled: false # Example: config: smsdbaddress: "http://aaf-sms-db:8200" - cafile: "/sms/certs/aaf_root_ca.cer" - servercert: "/sms/certs/aaf-sms.pub" - serverkey: "/sms/certs/aaf-sms.pr" + cafile: "/opt/app/osaaf/local/aaf_root_ca.cer" + servercert: "/opt/app/osaaf/local/org.onap.aaf-sms.crt" + serverkey: "/opt/app/osaaf/local/org.onap.aaf-sms.key" password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==" # subchart configuration diff --git a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml index d39b561905..d39b561905 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/README.md b/kubernetes/aaf/components/aaf-sshsm/README.md index a6f2e62cb9..a6f2e62cb9 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/README.md +++ b/kubernetes/aaf/components/aaf-sshsm/README.md diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml index 499b82caaf..499b82caaf 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml index 8d1faf7e32..8d1faf7e32 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml index 23fe79d716..23fe79d716 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml index c624ccfc4d..c624ccfc4d 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml index 2a733632bf..2a733632bf 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml index 22ba3da019..22ba3da019 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml index 99176fcdf6..99176fcdf6 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml index fb48c7df4a..fb48c7df4a 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml index bf0ef74be2..bf0ef74be2 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml index a13b7f353b..a13b7f353b 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml index 94791be713..94791be713 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml index b64e0c331a..b64e0c331a 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml index a64f483d74..a64f483d74 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml index dd04c93bd7..dd04c93bd7 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml index 0704a2c9df..0704a2c9df 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd index 640b325898..640b325898 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd +++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle index b8b9d8ddb0..b8b9d8ddb0 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle +++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml index b566b11458..b566b11458 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml index b3e7f9fabd..b3e7f9fabd 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml index b8971cc03c..b8971cc03c 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml index 7297d6f81d..7297d6f81d 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml index 50b6f36cd3..50b6f36cd3 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml index 5600213e11..30fb0d2f2f 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml @@ -1,4 +1,5 @@ # Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +17,23 @@ # Global configuration defaults. ################################################################# global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + tpm: enabled: false # if enabled, nodeselector will use the below diff --git a/kubernetes/aaf/components/aaf-templates/Chart.yaml b/kubernetes/aaf/components/aaf-templates/Chart.yaml new file mode 100644 index 0000000000..c8739e0105 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Orange +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Application Authorization Framework Templates +name: aaf-templates +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-templates/requirements.yaml b/kubernetes/aaf/components/aaf-templates/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index bf6931a8e3..bf6931a8e3 100644 --- a/kubernetes/aaf/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 43c511fd6d..43c511fd6d 100644 --- a/kubernetes/aaf/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/aaf/components/aaf-templates/values.yaml index 34932b713d..73efdc6132 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml +++ b/kubernetes/aaf/components/aaf-templates/values.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +11,3 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml index 6a61926e9e..ccbe14c7a3 100644 --- a/kubernetes/aaf/requirements.yaml +++ b/kubernetes/aaf/requirements.yaml @@ -1,4 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +15,36 @@ # limitations under the License. dependencies: - - name: common + - name: aaf-cass version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://components/aaf-cass' + - name: aaf-cert-service + version: ~6.x-0 + repository: 'file://components/aaf-cert-service' + - name: aaf-cm + version: ~6.x-0 + repository: 'file://components/aaf-cm' + - name: aaf-fs + version: ~6.x-0 + repository: 'file://components/aaf-fs' + - name: aaf-gui + version: ~6.x-0 + repository: 'file://components/aaf-gui' + - name: aaf-hello + version: ~6.x-0 + repository: 'file://components/aaf-hello' + - name: aaf-locate + version: ~6.x-0 + repository: 'file://components/aaf-locate' + - name: aaf-oauth + version: ~6.x-0 + repository: 'file://components/aaf-oauth' + - name: aaf-service + version: ~6.x-0 + repository: 'file://components/aaf-service' + - name: aaf-sms + version: ~6.x-0 + repository: 'file://components/aaf-sms' + - name: aaf-sshsm + version: ~6.x-0 + repository: 'file://components/aaf-sshsm' diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index bedf243639..df4dcf3723 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -16,6 +16,7 @@ ################################################################# # Global configuration defaults. ################################################################# + global: nodePortPrefix: 302 # Readiness image @@ -40,12 +41,14 @@ global: #pullPolicy: IfNotPresent #repository: "nexus3.onap.org:10003" + cmpv2Enabled: true + addTestingComponents: false aaf: readiness: false - image: onap/aaf/aaf_core:2.1.20 + image: onap/aaf/aaf_core:2.1.23 aaf_env: "DEV" public_fqdn: "aaf.osaaf.org" - aaf_release: "El Alto" + aaf_release: "Frankfurt" # DUBLIN ONLY - for M4 compatibility with Casablanca # aaf_locator_name: "public.%NS.%N" # aaf_locator_name_oom: "%NS.%N" @@ -57,7 +60,7 @@ global: cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" config: - image: onap/aaf/aaf_config:2.1.20 + image: onap/aaf/aaf_config:2.1.23 service: fqdn: "aaf-service" @@ -73,6 +76,9 @@ global: public_port: 31112 # Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml + certServiceClient: + secret: + name: aaf-cert-service-client-tls-secret ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 2aba1f4b1c872ddf429f4635b982b3e15ecc4aa +Subproject e77bd83639f77e68f4c7df9b35c95a4d70e7038 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 05ac61cf57..453f906101 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -127,6 +127,8 @@ blueprintsprocessor.netconfExecutor.enabled=true blueprintsprocessor.restConfExecutor.enabled=true blueprintsprocessor.cliExecutor.enabled=true blueprintsprocessor.remoteScriptCommand.enabled=true +## Enable py-executor +blueprintsprocessor.streamingRemoteExecution.enabled=true # Used in Health Check blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 161cf28d27..c2b6d520b5 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -90,7 +90,7 @@ spec: command: - chown - -R - - 100:101 + - 1000:1000 - /opt/app/onap/blueprints/deploy image: busybox:latest imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index c8921f9efa..500e3a536b 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.3 +image: onap/ccsdk-blueprintsprocessor:0.7.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 8b4dbbfc16..f194c279c9 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.3 +image: onap/ccsdk-commandexecutor:0.7.5 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml index bbae1b9e5a..9dbc5b7ff3 100755 --- a/kubernetes/cds/charts/cds-py-executor/values.yaml +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -38,7 +38,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-py-executor:0.7.3 +image: onap/ccsdk-py-executor:0.7.5 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index 57b9e49426..30f9451673 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.3 +image: onap/ccsdk-sdclistener:0.7.5 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index aea1202d51..d8a87cc2ea 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.3 +image: onap/ccsdk-cds-ui-server:0.7.5 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index f354ad14a7..3e08bd606c 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -35,7 +35,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.6 +image: onap/clamp-backend:5.0.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 9446ca8eb3..2a27c140eb 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -58,7 +58,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.6 +image: onap/clamp-frontend:5.0.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index eddc7bc124..9c744f39ba 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -61,7 +61,7 @@ apiVersion: v1 fieldPath: metadata.namespace - name: {{ include "common.name" $dot }}-aaf-config - image: {{ (default $subchartDot.Values.repository $subchartDot.Values.global.repository) }}/{{ $subchartDot.Values.global.aafAgentImage }} + image: {{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} volumeMounts: - mountPath: {{ $initRoot.mountPath }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index b55ba5e2f3..fdee4c9bd2 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -15,6 +15,7 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + repository: nexus3.onap.org:10001 aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index c3c744358c..6b4f0ed36e 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -78,7 +78,7 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }} {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }} {{- if $ingressEnabled }} -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ include "common.fullname" . }}-ingress diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index e1fac77a97..d0e298b7b6 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -26,6 +26,9 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} template: metadata: labels: diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 96cda89c1f..fcab51cb59 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -23,6 +23,9 @@ metadata: spec: serviceName: {{ include "common.servicename" .}} replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} template: metadata: labels: diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml new file mode 100644 index 0000000000..61bfc78945 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/create-deployment.yml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" (dict "suffix" "upgrade-deployment" "dot" .) | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ include "common.fullname" . }} + template: + metadata: + labels: + app: {{ include "common.fullname" . }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + ports: + - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - containerPort: {{ .Values.service.sstPort }} + name: {{ .Values.service.sstPortName }} + - containerPort: {{ .Values.service.replicationPort }} + name: {{ .Values.service.replicationName }} + - containerPort: {{ .Values.service.istPort }} + name: {{ .Values.service.istPortName }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: MYSQL_USER + valueFrom: + secretKeyRef: + key: login + name: {{ include "common.fullname" . }}-temp-upgrade-usercred + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ include "common.fullname" . }}-temp-upgrade-usercred + - name: MYSQL_DATABASE + value: {{ default "" .Values.config.mysqlDatabase | quote }} + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ include "common.fullname" . }}-temp-upgrade-root + subdomain: {{ .Values.service.name }} + hostname: {{ .Values.nameOverride }}-upgrade-deployment
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh new file mode 100644 index 0000000000..ec09df3a86 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh @@ -0,0 +1,142 @@ +#!/bin/bash + +TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ + app='{{ include "common.fullname" . }}' -o \ + jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') + +tmp_MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ + MYSQL_PASSWORD) | base64) + +tmp_ROOT_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ + MYSQL_ROOT_PASSWORD) | base64) + +FLAG_EX_ROOT_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .)) }}' + +FLAG_EX_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .)) }}' + +kubectl patch secret $FLAG_EX_ROOT_SEC -p \ + '{"data":{"password":"'"$tmp_ROOT_PASSWORD"'"}}' + +kubectl patch secret $FLAG_EX_SEC -p \ + '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}' + +MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_USER) + +MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_PASSWORD)) + +MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv MYSQL_ROOT_PASSWORD) + +CURRENT_STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + +DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-upgrade-deployment -o \ + jsonpath='{.status.replicas}') + +if [[ $CURRENT_STS_REPLICA == "0" ]] +then + echo "Seems there was no upgrade of cluster and we will scale up cluster replicas back to $REPLICA_COUNT now" + kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=$REPLICA_COUNT +fi + +MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + +while [[ ! $MY_REPLICA_NUMBER == $REPLICA_COUNT ]] +do + echo "The cluster is not scaled up to $REPLICA_COUNT yet. Please wait ..." + MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + echo "The current status of the cluster is $MY_REPLICA_NUMBER" + sleep 2 + if [[ $MY_REPLICA_NUMBER == $REPLICA_COUNT ]] + then + break + fi +done + +CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ + awk '{print $2}') + +CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + +while [[ ! $CLUSTER_NO == $((REPLICA_COUNT+DEPLOYMENT_REPLICA)) ]] \ + || [[ ! $CLUSTER_STATE == "Synced" ]] +do + echo "$CLUSTER_NO and $CLUSTER_STATE" + CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ + | awk '{print $2}') + CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + sleep 2 + if [[ $CLUSTER_NO == $((REPLICA_COUNT+DEPLOYMENT_REPLICA)) ]] \ + && [[ $CLUSTER_STATE == "Synced" ]] + then + echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." + break + fi +done + +MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + +while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] +do + echo "Mariadb deployment is not ready yet." + sleep 2 + MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + if [[ $MYSQL_STATUS == "mysqld is alive" ]] + then + echo "Mariadb deployment is ready and cluster size is $CLUSTER_NO" + break + fi +done + +echo "Deleting upgrade deployment now" + +kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment +kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root +kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred + +CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ + awk '{print $2}') + +CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + +while [[ ! $CLUSTER_NO == $REPLICA_COUNT ]] \ + || [[ ! $CLUSTER_STATE == "Synced" ]] +do + echo "$CLUSTER_NO and $CLUSTER_STATE" + CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ + | awk '{print $2}') + CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + sleep 2 + if [[ $CLUSTER_NO == $REPLICA_COUNT ]] \ + && [[ $CLUSTER_STATE == "Synced" ]] + then + echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." + break + fi +done + +echo "The cluster upgrade is finished now" diff --git a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh new file mode 100644 index 0000000000..ff44606e23 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh @@ -0,0 +1,101 @@ +#!/bin/bash +MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-0 -- printenv MYSQL_USER) + +MYSQL_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-0 -- printenv MYSQL_PASSWORD) + +MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-0 -- printenv MYSQL_ROOT_PASSWORD) + +kubectl create secret generic \ + '{{ include "common.fullname" . }}'-temp-upgrade-root \ + --from-literal=password=$MYSQL_ROOT_PASSWORD + +kubectl create secret generic \ + '{{ include "common.fullname" . }}'-temp-upgrade-usercred \ + --from-literal=login=$MYSQL_USER --from-literal=password=$MYSQL_PASSWORD + +kubectl create -f /upgrade/create-deployment.yml + +TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ + app='{{ include "common.fullname" . }}' -o \ + jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') + +CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ + awk '{print $2}') + +CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + +STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + +DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-upgrade-deployment -o \ + jsonpath='{.status.replicas}') + +while [[ ! $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ + || [[ ! $CLUSTER_STATE == "Synced" ]] +do + echo "$CLUSTER_NO and $CLUSTER_STATE" + CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ + | awk '{print $2}') + CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + sleep 2 + if [[ $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ + && [[ $CLUSTER_STATE == "Synced" ]] + then + echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." + break + fi +done + +MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + +while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] +do + echo "Mariadb deployment is not ready yet." + sleep 2 + MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + if [[ $MYSQL_STATUS == "mysqld is alive" ]] + then + echo "Mariadb deployment is ready." + break + fi +done + +kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=0 +MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') +echo "The the cluster has $MY_REPLICA_NUMBER replicas." + +while [[ ! $MY_REPLICA_NUMBER == "0" ]] +do + echo "The cluster is not scaled to 0 yet. Please wait ..." + MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + echo "The current status of the cluster is $MY_REPLICA_NUMBER" + sleep 2 + if [[ $MY_REPLICA_NUMBER == "0" ]] + then + break + fi +done + +for (( index=0; index<$STS_REPLICA; index+=1 )) +do + kubectl delete pvc \ + "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index" +done diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index a7064d7ce4..685901fa95 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Samsung Electronics, and TATA Communications # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - {{- if .Values.externalConfig }} apiVersion: v1 kind: ConfigMap @@ -43,3 +42,37 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-upgrade-deployment + annotations: + "helm.sh/hook": "pre-upgrade" + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-post-upgrade-deployment + annotations: + "helm.sh/hook": "post-upgrade" + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/post-upgrade-script.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml new file mode 100644 index 0000000000..db56f3e046 --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/job.yaml @@ -0,0 +1,109 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-pre-upgrade + annotations: + "helm.sh/hook": "pre-upgrade" + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + securityContext: + fsGroup: 1001 + runAsUser: 1001 + containers: + - name: mariadb-job-pre-upgrade + image: {{ .Values.global.kubectlImage}} + imagePullPolicy: IfNotPresent + env: + - name: NAMESPACE_ENV + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + command: ["/bin/bash", "-c", "--"] + args: ["/upgrade/upgrade-scripts.sh"] + volumeMounts: + - name: config-mariadb-upgrade + mountPath: /upgrade + volumes: + - name: config-mariadb-upgrade + configMap: + name: {{ include "common.fullname" . }}-upgrade-deployment + defaultMode: 0777 + restartPolicy: OnFailure +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-post-upgrade + annotations: + "helm.sh/hook": "post-upgrade" + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + securityContext: + fsGroup: 1001 + runAsUser: 0 + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + name: mariadb-galera-upgrade-readiness + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + command: + - /root/ready.py + args: + - --container-name + - mariadb-galera + containers: + - name: mariadb-job-post-upgrade + image: {{ .Values.global.kubectlImage}} + imagePullPolicy: IfNotPresent + env: + - name: NAMESPACE_ENV + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: REPLICA_COUNT + value: "{{ .Values.replicaCount }}" + command: ["/bin/bash", "-c", "--"] + args: ["/upgrade/post-upgrade-script.sh"] + volumeMounts: + - name: config-mariadb-upgrade + mountPath: /upgrade + volumes: + - name: config-mariadb-upgrade + configMap: + name: {{ include "common.fullname" . }}-post-upgrade-deployment + defaultMode: 0777 + restartPolicy: OnFailure +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-post-delete + annotations: + "helm.sh/hook": "post-delete" + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + containers: + - name: mariadb-job-post-delete + image: {{ .Values.global.kubectlImage}} + imagePullPolicy: IfNotPresent + command: ["/bin/bash", "-c", "--"] + args: + - for ((index=0;index<{{ $.Values.replicaCount }};index+=1)); + do kubectl delete pvc "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index"; + done; kubectl delete deployment {{ include "common.fullname" . }}-upgrade-deployment; + restartPolicy: OnFailure diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index af08ea3d58..4ccb0e5c6e 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -42,7 +42,10 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 - + busyboxImage: busybox:1.30 + busyboxRepository: docker.io + # kubeclt image + kubectlImage: "bitnami/kubectl:1.15" ################################################################# # Application configuration defaults. diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index b2fdb14b12..40254d469b 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -14,11 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +# make sure the script fails if any of commands failed +set -e + while read DB ; do USER_VAR="MYSQL_USER_${DB^^}" PASS_VAR="MYSQL_PASSWORD_${DB^^}" USER=${!USER_VAR} - PASS=${!PASS_VAR} + PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) echo "Creating database ${DB} and user ${USER}..." diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index ae373343d3..111bc80586 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -27,6 +27,9 @@ metadata: spec: serviceName: {{ .Values.service.name }} replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} template: metadata: labels: diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index 58866495db..fbdac61a9e 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -15,7 +15,7 @@ */}} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -39,6 +39,9 @@ spec: topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} podManagementPolicy: {{ .Values.podManagementPolicy }} updateStrategy: type: {{ .Values.updateStrategy.type }} diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index b9550c7666..87dd622c35 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" . }} @@ -26,6 +26,9 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} template: metadata: labels: diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index b1aae5f50d..456aa32bc0 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -18,7 +18,7 @@ {{- define "common.postgres.deployment" -}} {{- $dot := .dot }} {{- $pgMode := .pgMode }} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" $dot }}-{{ $pgMode }} @@ -32,6 +32,9 @@ metadata: spec: serviceName: {{ $dot.Values.service.name }} replicas: 1 + selector: + matchLabels: + app: {{ include "common.name" $dot }}-{{ $pgMode }} template: metadata: labels: diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 5c70e78735..1bdea6bb27 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -40,8 +40,8 @@ {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.readinessCheck .initRoot -}} {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} -{{- $subchartDot := include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot) }} -{{- $wait_for := default $dot.Values.wait_for .wait_for -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{- $wait_for := default $initRoot.wait_for .wait_for -}} - name: {{ include "common.name" $dot }}-{{ $wait_for.name }}-readiness image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}" imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} diff --git a/kubernetes/common/serviceAccount/Chart.yaml b/kubernetes/common/serviceAccount/Chart.yaml new file mode 100644 index 0000000000..9e838af3a7 --- /dev/null +++ b/kubernetes/common/serviceAccount/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to create the right Service Accounts / Role / RoleBinding +name: serviceAccount +version: 6.0.0 diff --git a/kubernetes/common/serviceAccount/requirements.yaml b/kubernetes/common/serviceAccount/requirements.yaml new file mode 100644 index 0000000000..237f1d1354 --- /dev/null +++ b/kubernetes/common/serviceAccount/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/serviceAccount/templates/role-binding.yaml b/kubernetes/common/serviceAccount/templates/role-binding.yaml new file mode 100644 index 0000000000..2082f8466b --- /dev/null +++ b/kubernetes/common/serviceAccount/templates/role-binding.yaml @@ -0,0 +1,33 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $dot := . -}} +{{- range $role_type := $dot.Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} + namespace: {{ include "common.namespace" $dot }} +subjects: +- kind: ServiceAccount + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} +roleRef: + kind: Role + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/kubernetes/common/serviceAccount/templates/role.yaml b/kubernetes/common/serviceAccount/templates/role.yaml new file mode 100644 index 0000000000..73f45b5fce --- /dev/null +++ b/kubernetes/common/serviceAccount/templates/role.yaml @@ -0,0 +1,105 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $dot := . -}} +{{- range $role_type := $dot.Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} + namespace: {{ include "common.namespace" $dot }} +rules: +{{- if eq $role_type "read" }} +- apiGroups: + - "" # "" indicates the core API group + - apps + - batch + resources: + - pods + - deployments + - jobs + - jobs/status + - statefulsets + - replicasets + - daemonsets + verbs: + - get + - watch + - list +{{- else }} +{{- if eq $role_type "create" }} +- apiGroups: + - "" # "" indicates the core API group + - apps + - batch + resources: + - pods + - deployments + - jobs + - jobs/status + - statefulsets + - replicasets + - daemonsets + - secrets + verbs: + - get + - watch + - list +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - statefulsets + verbs: + - patch +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - deployments + - secrets + verbs: + - create +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - pods + - persistentvolumeclaims + - secrets + - deployment + verbs: + - delete +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - pods/exec + verbs: + - create +{{- else }} +{{- if hasKey $dot.Values.new_roles_definitions $role_type }} +{{ include "common.tplValue" ( dict "value" (index $dot.Values.new_roles_definitions $role_type ) "context" $dot) }} +{{- else}} +# if you don't match read or create, then you're not allowed to use API +- apiGroups: [] + resources: [] + verbs: [] +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/kubernetes/common/serviceAccount/templates/service-account.yaml b/kubernetes/common/serviceAccount/templates/service-account.yaml new file mode 100644 index 0000000000..449bea684c --- /dev/null +++ b/kubernetes/common/serviceAccount/templates/service-account.yaml @@ -0,0 +1,24 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $dot := . -}} +{{- range $role_type := $dot.Values.roles }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} +{{- end }} diff --git a/kubernetes/common/serviceAccount/values.yaml b/kubernetes/common/serviceAccount/values.yaml new file mode 100644 index 0000000000..afa819421c --- /dev/null +++ b/kubernetes/common/serviceAccount/values.yaml @@ -0,0 +1,29 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +roles: + - nothing +# - read +# - create + +new_roles_definitions: {} +# few-read: +# - apiGroups: +# - "" +# resources: +# - "pods" +# verbs: +# - "get" +# - "watch" +# - "list" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index 9009f6b114..13657bd012 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -74,7 +74,6 @@ spec: - dcae-inventory-api - "-t" - "15" - env: - name: NAMESPACE valueFrom: @@ -96,6 +95,15 @@ spec: volumeMounts: - mountPath: /opt/app/osaaf name: tls-info + - name: init-consul + image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - --service + - "config-binding-service|config-binding-service.{{ include "common.namespace" . }}|10000" + - --service + - "config_binding_service|config-binding-service.{{ include "common.namespace" . }}|10000" + resources: {} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index a9cac8beac..bc409a549c 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -107,7 +107,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 8a03e90333..a21eabc24b 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -41,6 +41,22 @@ spec: hostnames: - "dcae-cloudify-manager" initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-cm + - "-t" + - "15" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace - name: {{ include "common.name" . }}-multisite-init image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index d2bda88577..b7ea4c9e6f 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index fe681ca566..596a3988c2 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -42,6 +42,8 @@ spec: args: - --container-name - consul-server + - --container-name + - aaf-cm - "-t" - "15" env: diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml index 555d7ee28a..4d3e3c326c 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,6 +56,10 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /opt/app/expected-components.json + subPath: expected-components.json + name: {{ include "common.fullname" .}}-expected-components env: - name: DCAE_NAMESPACE value: {{ .Values.dcae_ns }} @@ -63,5 +67,11 @@ spec: value: {{ include "common.namespace" . }} - name: HELM_RELEASE value: {{ include "common.release" . }} + - name: DEPLOY_LABEL + value: cfydeployment + volumes: + - name: {{ include "common.fullname" . }}-expected-components + configMap: + name: {{ include "common.release" . }}-dcae-expected-components imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index cbde9a157b..ca9486f715 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -45,7 +45,7 @@ readiness: periodSeconds: 10 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.1 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index bf49157762..47b3312726 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -61,6 +61,8 @@ spec: args: - --container-name - {{ .Values.postgres.nameOverride }} + - --container-name + - aaf-cm - "-t" - "15" env: diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json new file mode 100644 index 0000000000..fd3d04fcb8 --- /dev/null +++ b/kubernetes/dcaegen2/resources/expected-components.json @@ -0,0 +1,10 @@ +[ +{{- $ctx := . }} +{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }} +{{- range $i, $v := $components }} +{{- if index $ctx.Values . "enabled" }} +{{- if $i }},{{ end }} +{{ $v | quote | indent 2 }} +{{- end -}} +{{- end }} +]
\ No newline at end of file diff --git a/kubernetes/dcaegen2/templates/configmap.yaml b/kubernetes/dcaegen2/templates/configmap.yaml new file mode 100644 index 0000000000..b315443c70 --- /dev/null +++ b/kubernetes/dcaegen2/templates/configmap.yaml @@ -0,0 +1,24 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.release" . }}-dcae-expected-components + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index aff40d4a6a..c66a786537 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -26,3 +26,25 @@ global: busyboxImage: library/busybox:1.30 redis: replicaCount: 6 + +# Enable all DCAE components except redis by default +dcae-bootstrap: + enabled: true +dcae-cloudify-manager: + enabled: true +dcae-config-binding-service: + enabled: true +dcae-dashboard: + enabled: true +dcae-deployment-handler: + enabled: true +dcae-healthcheck: + enabled: true +dcae-inventory-api: + enabled: true +dcae-policy-handler: + enabled: true +dcae-redis: + enabled: false +dcae-servicechange-handler: + enabled: true
\ No newline at end of file diff --git a/kubernetes/dcaemod/Makefile b/kubernetes/dcaemod/Makefile index b1e5a7355e..b7cf1a6963 100644 --- a/kubernetes/dcaemod/Makefile +++ b/kubernetes/dcaemod/Makefile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry +make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry make-dcaemod-healthcheck make-dcaemod-distributor-api: cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor @@ -31,6 +31,9 @@ make-dcaemod-runtime-api: make-dcaemod-nifi-registry: cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry +make-dcaemod-healthcheck: + cd components && helm dep up dcaemod-healthcheck && helm lint dcaemod-healthcheck + clean: @find . -type f -name '*.tgz' -delete @find . -type f -name '*.lock' -delete diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/Chart.yaml new file mode 100644 index 0000000000..00b0117115 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE MOD Health Check +name: dcaemod-healthcheck +version: 6.0.0 diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml new file mode 100644 index 0000000000..6f858bda03 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml new file mode 100644 index 0000000000..64268abb33 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -0,0 +1,64 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: 1 + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ ( index .Values.service.ports 0).port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ ( index .Values.service.ports 0).port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /opt/app/expected-components.json + subPath: expected-components.json + name: {{ include "common.fullname" .}}-expected-components + env: + - name: DCAE_NAMESPACE + value: {{ .Values.dcae_ns }} + - name: ONAP_NAMESPACE + value: {{ include "common.namespace" . }} + - name: HELM_RELEASE + value: {{ include "common.release" . }} + volumes: + - name: {{ include "common.fullname" . }}-expected-components + configMap: + name: {{ include "common.release" . }}-dcaemod-expected-components + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml new file mode 100644 index 0000000000..30eda2cfe8 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/service.yaml @@ -0,0 +1,18 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml new file mode 100644 index 0000000000..fae177ca38 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -0,0 +1,69 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + +service: + name: dcaemod-healthcheck + type: ClusterIP + ports: + - name: http + port: 8080 + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} + + diff --git a/kubernetes/dcaemod/requirements.yaml b/kubernetes/dcaemod/requirements.yaml index 830eac3b5a..98a563f535 100644 --- a/kubernetes/dcaemod/requirements.yaml +++ b/kubernetes/dcaemod/requirements.yaml @@ -23,15 +23,24 @@ dependencies: - name: dcaemod-distributor-api version: ~6.x-0 repository: 'file://components/dcaemod-distributor-api' + condition: dcaemod-distributor-api.enabled - name: dcaemod-designtool version: ~6.x-0 repository: 'file://components/dcaemod-designtool' + condition: dcaemod-designtool.enabled - name: dcaemod-onboarding-api version: ~6.x-0 repository: 'file://components/dcaemod-onboarding-api' + condition: dcaemod-onboarding-api.enabled - name: dcaemod-runtime-api version: ~6.x-0 repository: 'file://components/dcaemod-runtime-api' + condition: dcaemod-runtime-api.enabled - name: dcaemod-nifi-registry version: ~6.x-0 - repository: 'file://components/dcaemod-nifi-registry'
\ No newline at end of file + repository: 'file://components/dcaemod-nifi-registry' + condition: dcaemod-nifi-registry.enabled + - name: dcaemod-healthcheck + version: ~6.x-0 + repository: 'file://components/dcaemod-healthcheck' + condition: dcaemod-healthcheck.enabled
\ No newline at end of file diff --git a/kubernetes/dcaemod/resources/expected-components.json b/kubernetes/dcaemod/resources/expected-components.json new file mode 100644 index 0000000000..7fd644c3f8 --- /dev/null +++ b/kubernetes/dcaemod/resources/expected-components.json @@ -0,0 +1,10 @@ +[ +{{- $ctx := . }} +{{- $components := tuple "dcaemod-designtool" "dcaemod-distributor-api" "dcaemod-genprocessor" "dcaemod-nifi-registry" "dcaemod-onboarding-api" "dcaemod-runtime-api" }} +{{- range $i, $v := $components }} +{{- if index $ctx.Values . "enabled" }} +{{- if $i }},{{ end }} +{{ $v | quote | indent 2 }} +{{- end -}} +{{- end }} +]
\ No newline at end of file diff --git a/kubernetes/dcaemod/templates/configmap.yaml b/kubernetes/dcaemod/templates/configmap.yaml new file mode 100644 index 0000000000..9748319c9a --- /dev/null +++ b/kubernetes/dcaemod/templates/configmap.yaml @@ -0,0 +1,24 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.release" . }}-dcaemod-expected-components + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dcaemod/values.yaml b/kubernetes/dcaemod/values.yaml new file mode 100644 index 0000000000..6c1dff5b3d --- /dev/null +++ b/kubernetes/dcaemod/values.yaml @@ -0,0 +1,39 @@ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + busyboxRepository: docker.io + busyboxImage: library/busybox:1.30 + +# Enable all DCAE MOD components by default +dcaemod-designtool: + enabled: true +dcaemod-distributor-api: + enabled: true +dcaemod-genprocessor: + enabled: true +dcaemod-healthcheck: + enabled: true +dcaemod-nifi-registry: + enabled: true +dcaemod-onboarding-api: + enabled: true +dcaemod-runtime-api: + enabled: true
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml index 5b22f06aa8..cde35af14c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml @@ -52,11 +52,11 @@ spec: - name: {{ include "common.fullname" . }}-dbc-dcaelocations mountPath: /opt/app/config/dcaeLocations/ - name: {{ include "common.fullname" . }}-dr-nodes - mountPath: /opt/app/config/dr-nodes/ + mountPath: /opt/app/config/dr_nodes/ - name: {{ include "common.fullname" . }}-feeds mountPath: /opt/app/config/feeds/ - name: {{ include "common.fullname" . }}-mr-clusters - mountPath: /opt/app/config/mr-clusters/ + mountPath: /opt/app/config/mr_clusters/ - name: {{ include "common.fullname" . }}-topics mountPath: /opt/app/config/topics/ resources: {{ include "common.resources" . | nindent 10 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml index 94b026fab7..a873762295 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml @@ -25,4 +25,7 @@ dependencies: - name: mariadb-galera alias: mariadb version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index adbdb688c2..8db6edba1e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -46,61 +46,15 @@ spec: apiVersion: v1 fieldPath: metadata.namespace {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - - --container-name - - aaf-service - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-dr-prov-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - value: "{{ .Values.aafConfig.aafDeployPass }}" - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" + + {{ include "common.certInitializer.initContainer" . | nindent 8 }} + - name: {{ include "common.name" . }}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] + {{ end }} containers: - name: {{ include "common.name" . }} @@ -125,11 +79,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} - volumeMounts: - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: false @@ -163,7 +113,7 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap/datarouter-prov - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime @@ -183,14 +133,5 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-aaf-props - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml deleted file mode 100644 index 1a09a81a0e..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} -{{- if .Values.global.aafEnabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-aaf-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-aaf-props - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-aaf-props -spec: - capacity: - storage: {{ .Values.persistence.aafCredsSize}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.aafCredsMountSubPath }} -{{ end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml deleted file mode 100644 index c6ac7497b5..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} -{{- if .Values.global.aafEnabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-aaf-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.aafCredsSize }} -{{ end -}} -{{ end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 3fb90f0533..1cf2e583d1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# secrets: - uid: dmaap-dr-db-user-secret - name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.dmaapDrDb.userName }}' @@ -69,10 +69,6 @@ persistence: accessMode: ReadWriteOnce mountPath: /dockerdata-nfs - aafCredsMountSubPath: data-router/dr-prov/aaf-props - aafCredsSize: 10M - aafCredsPath: /opt/app/osaaf/local - ingress: enabled: false service: @@ -111,7 +107,7 @@ mariadb: nameOverride: dmaap-dr-db replicaCount: 2 config: - userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + userCredentialsExternalSecret: *dbSecretName mysqlDatabase: datarouter service: name: dmaap-dr-db-svc @@ -121,15 +117,22 @@ mariadb: size: 1Gi mountSubPath: data-router/dr-db-data -#AAF local config -aafConfig: +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-dr-prov-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! +# aafDeployCredsExternalSecret: some secret fqdn: dmaap-dr-prov fqi: dmaap-dr-prov@dmaap-dr.onap.org publicFqdn: dmaap-dr.onap.org cadiLatitude: 0.0 cadiLongitude: 0.0 + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 65588b5f39..874d498284 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 name: onap version: 6.0.0 -appVersion: El Alto +appVersion: Frankfurt description: Open Network Automation Platform (ONAP) home: https://www.onap.org/ sources: diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml new file mode 100644 index 0000000000..da00f61e2f --- /dev/null +++ b/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml @@ -0,0 +1,47 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# +# These overrides will affect all helm charts (ie. applications) +# that are listed below and are 'enabled'. +# +# +# This is specifically for the environments which take time to +# deploy ONAP. This increase in timeouts prevents false restarting of +# the pods during startup configuration. +# +# These timers have been tuned by the ONAP integration team. They +# have been tested and validated in the ONAP integration lab (Intel/Windriver lab). +# They are however indicative and may be adapted to your environment as they +# depend on the performance of the infrastructure you are installing ONAP on. +# +# Please note that these timers must remain reasonable, in other words, if +# your infrastructure is not performant enough, extending the timers to very +# large value may not fix all installation issues on over subscribed hardware. +# +################################################################# +global: + cmpv2Enabled: true + aaf: + certServiceClient: + envVariables: + # Certificate related + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2State: "California" + cmpv2Country: "US" + # Client configuration related + caName: "RA" diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 973613b464..8a94369d39 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -50,7 +50,7 @@ global: # readiness check - temporary repo until images migrated to nexus3 readinessRepository: oomk8s - readinessImage: readiness-check:2.2.1 + readinessImage: readiness-check:2.2.2 # curl image curlImage: curlimages/curl:7.69.1 @@ -58,6 +58,16 @@ global: # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co + # dockerHub main repository + dockerHubRepository: docker.io + + # busybox repo and image + busyboxRepository: docker.io + busyboxImage: busybox:1.30 + + # kubeclt image + kubectlImage: "bitnami/kubectl:1.15" + # image pull policy pullPolicy: Always @@ -101,6 +111,28 @@ global: # Enabling CMPv2 cmpv2Enabled: true + aaf: + certServiceClient: + image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.1.0 + secret: + name: aaf-cert-service-client-tls-secret + mountPath: /etc/onap/aaf/certservice/certs/ + envVariables: + # Certificate related + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2State: "California" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + requestURL: "https://aaf-cert-service:8443/v1/certificate/" + outputType: "P12" + requestTimeout: "20000" + keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" + keystorePassword: "secret" + truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks" + truststorePassword: "secret" # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this diff --git a/kubernetes/portal/components/portal-sdk/requirements.yaml b/kubernetes/portal/components/portal-sdk/requirements.yaml index c5d7864b9d..00b92235f3 100644 --- a/kubernetes/portal/components/portal-sdk/requirements.yaml +++ b/kubernetes/portal/components/portal-sdk/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-sdk/resources/server/server.xml b/kubernetes/portal/components/portal-sdk/resources/server/server.xml index dffcfbe419..1cea5ab8f8 100644 --- a/kubernetes/portal/components/portal-sdk/resources/server/server.xml +++ b/kubernetes/portal/components/portal-sdk/resources/server/server.xml @@ -94,7 +94,7 @@ {{ if .Values.global.aafEnabled }} <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}" keystorePass="${javax.net.ssl.keyStorePassword}" clientAuth="false" sslProtocol="TLS" /> {{ end }} @@ -152,4 +152,4 @@ </Host> </Engine> </Service> -</Server>
\ No newline at end of file +</Server> diff --git a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml index 1dbdeedd5a..5ad9910c56 100644 --- a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml @@ -26,17 +26,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} - -{{ if .Values.global.aafEnabled }} -{{- if .Values.aafConfig.addconfig -}} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "aaf-add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index b78ef34fa1..e7913ba1a5 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -46,24 +46,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config" . | indent 6 }} - {{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} - args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ + args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - name: CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" - -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" + -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}" {{- else }} args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] {{- end }} @@ -82,9 +80,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml @@ -148,8 +144,6 @@ spec: emptyDir: {} - name: portal-tomcat-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volumes" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumes" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 2363ec5691..47c0189c40 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -27,7 +27,6 @@ global: persistence: {} #AAF service aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. @@ -40,30 +39,25 @@ pullPolicy: Always #AAF local config aafURL: https://aaf-service:8100/authz/ -aafConfig: +certInitializer: + nameOverride: portal-sdk-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: portal fqi: portal@portal.onap.org - publicFqdn: portal.onap.org + public_fqdn: portal.onap.org cadi_latitude: "38.0" cadi_longitude: "-72.0" credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 51322d3b374588a051b4a5522fbd25ac92ffb32 +Subproject 7ee95b4c8f667dd0506499db17688473309cd91 diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index ac0403b889..efe9cb0cf0 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.6 -backendInitImage: onap/sdc-backend-init:1.6.6 +image: onap/sdc-backend:1.6.7 +backendInitImage: onap/sdc-backend-init:1.6.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index cabf2c19eb..927dd98887 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.6 -cassandraInitImage: onap/sdc-cassandra-init:1.6.6 +image: onap/sdc-cassandra:1.6.7 +cassandraInitImage: onap/sdc-cassandra-init:1.6.7 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index 98452c23e1..ff1890ca66 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.6 +image: onap/sdc-frontend:1.6.7 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index f83000f74a..bdd99953bd 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.6 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.6 +image: onap/sdc-onboard-backend:1.6.7 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 05793d4f5b..8bab2c84ea 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-workflow-backend:1.7.0 -configInitImage: onap/sdc-workflow-init:1.7.0 +image: onap/workflow-backend:1.6.4 +configInitImage: onap/workflow-init:1.6.4 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index aaa7795709..359c33ab61 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-workflow-frontend:1.7.0 +image: onap/workflow-frontend:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 5713b0918e..9fe8232532 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.3 +image: onap/sdnc-dmaap-listener-image:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index 749fe62459..fc93a6ea32 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.3 +image: onap/sdnc-ansible-server-image:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 029159d03f..f2ce269505 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.3 +image: onap/admportal-sdnc-image:1.8.4 config: dbFabricDB: mysql dbFabricUser: admin diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 2754ab274a..d9baeab11c 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.3 +image: onap/sdnc-ueb-listener-image:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg index 117a663dd4..a2daef1833 100644 --- a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg +++ b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg @@ -16,10 +16,10 @@ # limitations under the License. # ################################################################################ - -# Common pattern layout for appenders -log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %X{currentGraph} - %X{nodeId} | %m%n - +# Properties used as default values in MDC +log4j2.property.ServiceName = INTERNAL +log4j2.property.ErrorCode = 900 +log4j2.property.ErrorDesc = UnknownError # Common properties maxFileSize=100MB @@ -28,111 +28,173 @@ logDir=/var/log/onap componentName=sdnc logDirectory=${logDir}/${componentName} karafLogName=karaf -errorLogName=error -metricsLogName=metrics auditLogName=audit debugLogName=debug +errorLogName=error +metricsLogName=metric +requestResponseLogName=request-response +securityLogName=security - -# Root logger log4j2.rootLogger.level = INFO -# uncomment to use asynchronous loggers, which require mvn:com.lmax/disruptor/3.3.2 library -#log4j2.rootLogger.type = asyncRoot -#log4j2.rootLogger.includeLocation = false -log4j2.rootLogger.appenderRef.RollingFile.ref = RollingFile +log4j2.rootLogger.appenderRef.KarafFile.ref = KarafFile log4j2.rootLogger.appenderRef.PaxOsgi.ref = PaxOsgi log4j2.rootLogger.appenderRef.Console.ref = Console +log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile +log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF} -# Loggers configuration - -# Spifly logger -log4j2.logger.spifly.name = org.apache.aries.spifly -log4j2.logger.spifly.level = WARN - -# Security audit logger -log4j2.logger.audit.name = org.apache.karaf.jaas.modules.audit -log4j2.logger.audit.level = INFO -log4j2.logger.audit.additivity = false -log4j2.logger.audit.appenderRef.AuditRollingFile.ref = AuditRollingFile +log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version} +# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw +# \\R matches any new line character, any new line character will replaced with space (stripped) +log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | ${log4j2.bundle.info} | %X{currentGraph} - %X{nodeId} | %replace{%m}{\\R}{ }%n # Appenders configuration - # Console appender not used by default (see log4j2.rootLogger.appenderRefs) log4j2.appender.console.type = Console log4j2.appender.console.name = Console log4j2.appender.console.layout.type = PatternLayout log4j2.appender.console.layout.pattern = ${log4j2.pattern} -# Rolling file appender -log4j2.appender.rolling.type = RollingRandomAccessFile -log4j2.appender.rolling.name = RollingFile -log4j.appender.rolling.level = INFO -log4j2.appender.rolling.fileName = ${logDirectory}/${karafLogName}.log -log4j2.appender.rolling.filePattern = ${logDirectory}/${karafLogName}.log.%i -# uncomment to not force a disk flush -#log4j2.appender.rolling.immediateFlush = false -log4j2.appender.rolling.append = true -log4j2.appender.rolling.layout.type = PatternLayout -log4j2.appender.rolling.layout.pattern = ${log4j2.pattern} -log4j2.appender.rolling.policies.type = Policies -log4j2.appender.rolling.policies.size.type = SizeBasedTriggeringPolicy -log4j2.appender.rolling.policies.size.size = ${maxFileSize} - -# Audit file appender - not currently used, so commented out -log4j2.appender.audit.type = RollingRandomAccessFile -log4j2.appender.audit.name = AuditRollingFile -log4j2.appender.audit.fileName = ${logDirectory}/${auditLogName}.log -log4j2.appender.audit.filePattern = ${logDirectory}/${auditLogName}.log.%i -log4j2.appender.audit.append = true -log4j2.appender.audit.layout.type = PatternLayout -log4j2.appender.audit.layout.pattern = ${log4j2.pattern} -log4j2.appender.audit.policies.type = Policies -log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy -log4j2.appender.audit.policies.size.size = ${maxFileSize} - # OSGi appender log4j2.appender.osgi.type = PaxOsgi log4j2.appender.osgi.name = PaxOsgi log4j2.appender.osgi.filter = * - -#ECOMP Debug appender +# KarafFile appender +log4j2.appender.karaf.type = RollingRandomAccessFile +log4j2.appender.karaf.name = KarafFile +log4j2.appender.karaf.fileName = ${logDirectory}/${karafLogName}.log +log4j2.appender.karaf.filePattern = ${logDirectory}/${karafLogName}.log.%i +# uncomment to not force a disk flush +#log4j2.appender.karaf.immediateFlush = false +log4j2.appender.karaf.append = true +log4j2.appender.karaf.layout.type = PatternLayout +log4j2.appender.karaf.layout.pattern = ${log4j2.pattern} +log4j2.appender.karaf.policies.type = Policies +log4j2.appender.karaf.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.karaf.policies.size.size = ${maxFileSize} +log4j2.appender.karaf.strategy.type = DefaultRolloverStrategy +log4j2.appender.karaf.strategy.max = ${maxBackupIndex} +log4j2.appender.karaf.strategy.fileIndex = min + +#ecomp logging standards log4j2.appender.debug.type = RollingRandomAccessFile -log4j2.appender.debug.name = DebugRollingFile +log4j2.appender.debug.name = DebugFile log4j2.appender.debug.fileName = ${logDirectory}/${debugLogName}.log log4j2.appender.debug.filePattern = ${logDirectory}/${debugLogName}.log.%i +# uncomment to not force a disk flush +#log4j2.appender.debug.immediateFlush = false log4j2.appender.debug.append = true log4j2.appender.debug.layout.type = PatternLayout -log4j2.appender.debug.layout.pattern = ${log4j2.pattern} +log4j2.appender.debug.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%-16.16t|%-5.5p|%-32.32c{1}|${log4j2.bundle.info}|%replace{%m}{\\R}{ }%n log4j2.appender.debug.policies.type = Policies log4j2.appender.debug.policies.size.type = SizeBasedTriggeringPolicy log4j2.appender.debug.policies.size.size = ${maxFileSize} +log4j2.appender.debug.strategy.type = DefaultRolloverStrategy +log4j2.appender.debug.strategy.max = ${maxBackupIndex} +log4j2.appender.debug.strategy.fileIndex = min - -#Error appender log4j2.appender.error.type = RollingRandomAccessFile -log4j2.appender.error.name = ErrorRollingFile +log4j2.appender.error.name = ErrorFile log4j2.appender.error.fileName = ${logDirectory}/${errorLogName}.log log4j2.appender.error.filePattern = ${logDirectory}/${errorLogName}.log.%i +# uncomment to not force a disk flush +#log4j2.appender.error.immediateFlush = false log4j2.appender.error.append = true log4j2.appender.error.layout.type = PatternLayout -log4j2.appender.error.layout.pattern = ${log4j2.pattern} +log4j2.appender.error.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%-16.16t|$\$\\\{ctx:ServiceName\}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%p|$\$\\\{ctx:ErrorCode\}|$\$\\\{ctx:ErrorDesc\}|%replace{%m}{\\R}{ }%ex{full}{separator(\\n)}%n + log4j2.appender.error.policies.type = Policies log4j2.appender.error.policies.size.type = SizeBasedTriggeringPolicy log4j2.appender.error.policies.size.size = ${maxFileSize} +log4j2.appender.error.strategy.type = DefaultRolloverStrategy +log4j2.appender.error.strategy.max = ${maxBackupIndex} +log4j2.appender.error.strategy.fileIndex = min +log4j2.appender.error.filter.threshold.type = ThresholdFilter +log4j2.appender.error.filter.threshold.level = WARN +log4j2.appender.error.filter.threshold.match = ACCEPT + +log4j2.appender.metric.type = RollingRandomAccessFile +log4j2.appender.metric.name = MetricFile +log4j2.appender.metric.fileName = ${logDirectory}/${metricsLogName}.log +log4j2.appender.metric.filePattern = ${logDirectory}/${metricsLogName}.log.%i +# uncomment to not force a disk flush +#log4j2.appender.metric.immediateFlush = false +log4j2.appender.metric.append = true +log4j2.appender.metric.layout.type = PatternLayout +log4j2.appender.metric.layout.pattern=%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|%p|%X{Severity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{ClientIPAddress}|%C{1}|||%X{TargetElement}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n +log4j2.appender.metric.policies.type = Policies +log4j2.appender.metric.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.metric.policies.size.size = ${maxFileSize} +log4j2.appender.metric.strategy.type = DefaultRolloverStrategy +log4j2.appender.metric.strategy.max = 100 +log4j2.appender.metric.strategy.fileIndex = min -#Metrics appender - not used so commented out -#log4j2.appender.metrics.type = RollingRandomAccessFile -#log4j2.appender.metrics.name = MetricsRollingFile -#log4j2.appender.metrics.fileName = ${logDirectory}/${metricsLogName}.log -#log4j2.appender.metrics.filePattern = ${logDirectory}/${metricsLogName}.log.%i -#log4j2.appender.metrics.append = true -#log4j2.appender.metrics.layout.type = PatternLayout -#log4j2.appender.metrics.layout.pattern = ${log4j2.pattern} -#log4j2.appender.metrics.policies.type = Policies -#log4j2.appender.metrics.policies.size.type = SizeBasedTriggeringPolicy -#log4j2.appender.metrics.policies.size.size = ${maxFileSize} +log4j2.appender.audit.type = RollingRandomAccessFile +log4j2.appender.audit.name = AuditFile +log4j2.appender.audit.fileName = ${logDirectory}/${auditLogName}.log +log4j2.appender.audit.filePattern = ${logDirectory}/${auditLogName}.log.%i +# uncomment to not force a disk flush +#log4j2.appender.audit.immediateFlush = false +log4j2.appender.audit.append = true +log4j2.appender.audit.layout.type = PatternLayout +log4j2.appender.audit.layout.pattern=%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|INFO|%X{Severity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{ClientIPAddress}|%C{1}|%X{AUDIT-Unused}|%X{AUDIT-ProcessKey}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n +log4j2.appender.audit.policies.type = Policies +log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.audit.policies.size.size = ${maxFileSize} +log4j2.appender.audit.strategy.type = DefaultRolloverStrategy +log4j2.appender.audit.strategy.max = ${maxBackupIndex} +log4j2.appender.audit.strategy.fileIndex = min + +log4j2.appender.rr.name = RequestResponseFile +log4j2.appender.rr.type = RollingRandomAccessFile +log4j2.appender.rr.fileName = ${logDirectory}/${requestResponseLogName}.log +log4j2.appender.rr.filePattern = ${logDirectory}/${requestResponseLogName}.log.%i +log4j2.appender.rr.immediateFlush = false +log4j2.appender.rr.append = true +log4j2.appender.rr.layout.type = PatternLayout +log4j2.appender.rr.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%X{PartnerName}|%m%n +log4j2.appender.rr.policies.type = Policies +log4j2.appender.rr.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.rr.policies.size.size = 50MB +log4j2.appender.rr.strategy.type = DefaultRolloverStrategy +log4j2.appender.rr.strategy.max = 100 +log4j2.appender.rr.strategy.fileIndex = min + +log4j2.appender.security.type = RollingRandomAccessFile +log4j2.appender.security.name = securityRollingFile +log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log +log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i +log4j2.appender.security.append = true +log4j2.appender.security.layout.type = PatternLayout +log4j2.appender.security.layout.pattern = ${log4j2.pattern} +log4j2.appender.security.policies.type = Policies +log4j2.appender.security.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.security.policies.size.size = ${maxFileSize} +# Security audit logger +log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit +log4j2.logger.security.level = INFO +log4j2.logger.security.additivity = false +log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile +log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter +log4j2.logger.audit.level = INFO +log4j2.logger.audit.additivity = false +log4j2.logger.audit.appenderRef.AuditFile.ref = AuditFile + +log4j2.logger.metric.name = org.onap.ccsdk.sli.core.filters.metric +log4j2.logger.metric.level = INFO +log4j2.logger.metric.additivity = false +log4j2.logger.metric.appenderRef.MetricFile.ref = MetricFile + +log4j2.logger.metric2.name = org.onap.logging.filter.base.AbstractBaseMetricLogFilter +log4j2.logger.metric2.level = INFO +log4j2.logger.metric2.additivity = false +log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile + +log4j2.logger.rr.name = org.onap.logging.filter.base.PayloadLoggingServletFilter +log4j2.logger.rr.level = INFO +log4j2.logger.rr.additivity = false +log4j2.logger.rr.appenderRef.RequestResponseFile.ref = RequestResponseFile diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 6001fab2c1..f16f3b1925 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -112,7 +112,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.3 +image: onap/sdnc-image:1.8.4 # flag to enable debugging - application support required diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differindex 9ebe9a8041..31ea6ba650 100644 --- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks +++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index 1166eab0c4..4128bc36ee 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -55,11 +55,11 @@ etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} endpoint: https://msb-iag:443/api/vnfpkgm/v1 - http: - client: - ssl: - trust-store: ${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 {{- end }} |