diff options
Diffstat (limited to 'kubernetes')
79 files changed, 646 insertions, 266 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile index dfad45ff24..db361fb5be 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -19,10 +19,11 @@ ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_BIN := helm +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := helm lint + HELM_LINT_CMD := $(HELM_BIN) lint else HELM_LINT_CMD := echo "Skipping linting of" endif @@ -59,7 +60,7 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi @@ -67,12 +68,12 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock @@ -81,19 +82,19 @@ clean: # publish helm plugins via distrubtion directory plugins: - @cp -R helm $(PACKAGE_DIR)/ + @cp -R $(HELM_BIN) $(PACKAGE_DIR)/ # start up a local helm repo to serve up helm chart packages repo: @mkdir -p $(PACKAGE_DIR) - @helm serve --repo-path $(PACKAGE_DIR) & + @$(HELM_BIN) serve --repo-path $(PACKAGE_DIR) & @sleep 3 - @helm repo index $(PACKAGE_DIR) - @helm repo add local http://127.0.0.1:8879 + @$(HELM_BIN) repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo add local http://127.0.0.1:8879 # stop local helm repo repo-stop: - @pkill helm - @helm repo remove local + @pkill $(HELM_BIN) + @$(HELM_BIN) repo remove local %: @: diff --git a/kubernetes/aaf/Makefile b/kubernetes/aaf/Makefile index 9396001ebc..764533e624 100644 --- a/kubernetes/aaf/Makefile +++ b/kubernetes/aaf/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile index 2fc0cbe4ab..bf267b7720 100644 --- a/kubernetes/aaf/components/Makefile +++ b/kubernetes/aaf/components/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile index 248fb056ab..89b2f465ec 100644 --- a/kubernetes/clamp/Makefile +++ b/kubernetes/clamp/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile index acaf7fb683..bf267b7720 100644 --- a/kubernetes/clamp/components/Makefile +++ b/kubernetes/clamp/components/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,19 +33,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) %: - @:
\ No newline at end of file + @: diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 0e923b7a75..58125f8506 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,9 +20,10 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -36,19 +37,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index afd6c547ea..8a46098a21 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -150,11 +150,11 @@ externalConfig: "" resources: small: limits: - cpu: 2 - memory: 4Gi + cpu: 500m + memory: 1.5Gi requests: - cpu: 1 - memory: 2Gi + cpu: 100m + memory: 750Mi large: limits: cpu: 2 diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 9ce9b88644..1048811328 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -146,8 +146,7 @@ spec: - mountPath: /backup name: {{ include "common.fullname" $dot }}-backup readOnly: true - resources: -{{ include "common.resources" $dot | indent 12 }} + resources: {{ include "common.resources" $dot | nindent 12 }} {{- if $dot.Values.nodeSelector }} nodeSelector: {{ toYaml $dot.Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index fbc43c0768..b653ba1a41 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -125,21 +125,32 @@ service: ingress: enabled: false -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 90Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile index eb9f025fc8..32386fc89a 100644 --- a/kubernetes/contrib/Makefile +++ b/kubernetes/contrib/Makefile @@ -11,20 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core make-contrib-awx: - cd components && helm dep up awx && helm lint awx + cd components && $(HELM_BIN) dep up awx && $(HELM_BIN) lint awx make-contrib-ejbca: - cd components && helm dep up ejbca && helm lint ejbca + cd components && $(HELM_BIN) dep up ejbca && $(HELM_BIN) lint ejbca make-contrib-netbox: - cd components && helm dep up netbox && helm lint netbox + cd components && $(HELM_BIN) dep up netbox && $(HELM_BIN) lint netbox make-contrib-core: - helm dep up . && helm lint . + $(HELM_BIN) dep up . && $(HELM_BIN) lint . clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/contrib/components/awx/Makefile b/kubernetes/contrib/components/awx/Makefile index d8a50339d6..cb88b57fc9 100644 --- a/kubernetes/contrib/components/awx/Makefile +++ b/kubernetes/contrib/components/awx/Makefile @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-awx: - cd charts && helm dep up awx-postgres + cd charts && $(HELM_BIN) dep up awx-postgres diff --git a/kubernetes/contrib/components/netbox/Makefile b/kubernetes/contrib/components/netbox/Makefile index 3194d40020..da18203981 100644 --- a/kubernetes/contrib/components/netbox/Makefile +++ b/kubernetes/contrib/components/netbox/Makefile @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-netbox: - cd charts && helm dep up netbox-postgres && helm dep up netbox-nginx && helm dep up netbox-app + cd charts && $(HELM_BIN) dep up netbox-postgres && $(HELM_BIN) dep up netbox-nginx && $(HELM_BIN) dep up netbox-app diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index 0561f20f5e..bf20455a5f 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -11,34 +11,36 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm + make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard make-dcae-bootstrap: - cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap + cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap make-dcae-cloudify-manager: - cd components && helm dep up dcae-cloudify-manager && helm lint dcae-cloudify-manager + cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager make-dcae-config-binding-service: - cd components && helm dep up dcae-config-binding-service && helm lint dcae-config-binding-service + cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service make-dcae-healthcheck: - cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck + cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck make-dcae-servicechange-handler: - cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler + cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler make-dcae-inventory-api: - cd components && helm dep up dcae-inventory-api && helm lint dcae-inventory-api + cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api make-dcae-deployment-handler: - cd components && helm dep up dcae-deployment-handler && helm lint dcae-deployment-handler + cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler make-dcae-policy-handler: - cd components && helm dep up dcae-policy-handler && helm lint dcae-policy-handler + cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler make-dcae-dashboard: - cd components && helm dep up dcae-dashboard && helm lint dcae-dashboard + cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/dcaemod/Makefile b/kubernetes/dcaemod/Makefile index b7cf1a6963..044e0cdd7d 100644 --- a/kubernetes/dcaemod/Makefile +++ b/kubernetes/dcaemod/Makefile @@ -11,28 +11,30 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm + make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry make-dcaemod-healthcheck make-dcaemod-distributor-api: - cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor + cd components && $(HELM_BIN) dep up dcaemod-genprocessor && $(HELM_BIN) lint dcaemod-genprocessor make-dcaemod-genprocessor: - cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api + cd components && $(HELM_BIN) dep up dcaemod-distributor-api && $(HELM_BIN) lint dcaemod-distributor-api make-dcaemod-designtool: - cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool + cd components && $(HELM_BIN) dep up dcaemod-designtool && $(HELM_BIN) lint dcaemod-designtool make-dcaemod-onboarding-api: - cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api + cd components && $(HELM_BIN) dep up dcaemod-onboarding-api && $(HELM_BIN) lint dcaemod-onboarding-api make-dcaemod-runtime-api: - cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api + cd components && $(HELM_BIN) dep up dcaemod-runtime-api && $(HELM_BIN) lint dcaemod-runtime-api make-dcaemod-nifi-registry: - cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry + cd components && $(HELM_BIN) dep up dcaemod-nifi-registry && $(HELM_BIN) lint dcaemod-nifi-registry make-dcaemod-healthcheck: - cd components && helm dep up dcaemod-healthcheck && helm lint dcaemod-healthcheck + cd components && $(HELM_BIN) dep up dcaemod-healthcheck && $(HELM_BIN) lint dcaemod-healthcheck clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/dmaap/Makefile b/kubernetes/dmaap/Makefile index 3a1931121a..92291c67d4 100644 --- a/kubernetes/dmaap/Makefile +++ b/kubernetes/dmaap/Makefile @@ -11,20 +11,21 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-dmaap: make-dmaap-bc make-message-router make-dmaap-dr-node make-dmaap-dr-prov make-dmaap-bc: - cd components && helm dep up dmaap-bc && helm lint dmaap-bc + cd components && $(HELM_BIN) dep up dmaap-bc && $(HELM_BIN) lint dmaap-bc make-message-router: - cd components && helm dep up message-router && helm lint message-router + cd components && $(HELM_BIN) dep up message-router && $(HELM_BIN) lint message-router make-dmaap-dr-node: - cd components && helm dep up dmaap-dr-node && helm lint dmaap-dr-node + cd components && $(HELM_BIN) dep up dmaap-dr-node && $(HELM_BIN) lint dmaap-dr-node make-dmaap-dr-prov: - cd components && helm dep up dmaap-dr-prov && helm lint dmaap-dr-prov + cd components && $(HELM_BIN) dep up dmaap-dr-prov && $(HELM_BIN) lint dmaap-dr-prov clean: @find . -type f -name '*.tgz' -delete diff --git a/kubernetes/modeling/Makefile b/kubernetes/modeling/Makefile index 82f7cf43d0..94a9462ada 100644 --- a/kubernetes/modeling/Makefile +++ b/kubernetes/modeling/Makefile @@ -11,11 +11,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-modeling: make-modeling-etsicatalog make-modeling-etsicatalog: - cd charts && helm dep up modeling-etsicatalog && helm lint modeling-etsicatalog + cd charts && $(HELM_BIN) dep up modeling-etsicatalog && $(HELM_BIN) lint modeling-etsicatalog clean: @find . -type f -name '*.tgz' -delete @find . -type f -name '*.lock' -delete diff --git a/kubernetes/multicloud/Makefile b/kubernetes/multicloud/Makefile index fde29904c7..027e2af72d 100644 --- a/kubernetes/multicloud/Makefile +++ b/kubernetes/multicloud/Makefile @@ -11,8 +11,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +HELM_BIN := helm make-multicloud: make-multicloud-k8s make-multicloud-k8s: - cd charts && helm dep up multicloud-k8s && helm lint multicloud-k8s + cd charts && $(HELM_BIN) dep up multicloud-k8s && $(HELM_BIN) lint multicloud-k8s diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index 4628206e87..ad7fad7bbd 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,20 +34,20 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile index 02371366f6..d62cb0b700 100755 --- a/kubernetes/oof/components/Makefile +++ b/kubernetes/oof/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile index 48cebe96e7..33d61041cd 100644 --- a/kubernetes/oof/components/oof-cmso/Makefile +++ b/kubernetes/oof/components/oof-cmso/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile index f7a698d0ec..36ea7b6c2b 100755 --- a/kubernetes/oof/components/oof-cmso/components/Makefile +++ b/kubernetes/oof/components/oof-cmso/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile index 48cebe96e7..33d61041cd 100644 --- a/kubernetes/oof/components/oof-has/Makefile +++ b/kubernetes/oof/components/oof-has/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile index f7a698d0ec..36ea7b6c2b 100755 --- a/kubernetes/oof/components/oof-has/components/Makefile +++ b/kubernetes/oof/components/oof-has/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml index 1d9792fa5f..90fe5dd732 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 1538b47343..78c054bd28 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -122,13 +122,21 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: log.conf - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} - name: {{ include "common.name" . }}-nginx image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt + /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh ports: - containerPort: {{ .Values.service.internalPort }} {{- if .Values.liveness.enabled }} @@ -151,6 +159,12 @@ spec: - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf + - mountPath: /tmp/AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer + - mountPath: /tmp/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -176,7 +190,6 @@ spec: path: conductor.conf - key: log.conf path: log.conf - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index f19ecb61ee..b17eed6b2f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,16 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' service: type: NodePort diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 506ff939e3..53e053aa42 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -127,8 +127,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -153,7 +153,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 5fa0f2408e..327a537f41 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index 2041dd2c9d..3ed74a048a 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -147,8 +147,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: aai_key.key - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -177,7 +177,6 @@ spec: path: aai_cert.cer - key: aai_key.key path: aai_key.key - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 10bba9f61e..4f5067db12 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -141,8 +141,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -167,8 +167,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer - +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 55c9d362e4..d1e4946ae1 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -141,8 +141,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -167,7 +167,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index a6790164d8..cbb1b60a58 100644 --- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf @@ -13,9 +13,9 @@ http { listen 8091 ssl; server_name oof; - ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt; + ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt; ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index c7799cdc02..ffd11db2dd 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -23,11 +23,21 @@ global: repository: nexus3.onap.org:10001 commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 filebeat: docker.elastic.co/beats/filebeat:5.5.0 persistence: enabled: true +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + pullPolicy: Always nodePortPrefix: 302 dataRootDir: /dockerdata-nfs @@ -70,12 +80,17 @@ resources: #component overrides oof-has-api: enabled: true + certSecret: *oof-certs oof-has-controller: enabled: true + certSecret: *oof-certs oof-has-data: enabled: true + certSecret: *oof-certs oof-has-reservation: enabled: true + certSecret: *oof-certs oof-has-solver: enabled: true + certSecret: *oof-certs diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml new file mode 100755 index 0000000000..885491c1a9 --- /dev/null +++ b/kubernetes/oof/components/oof-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP OOF helm templates +name: oof-templates +version: 6.0.0 diff --git a/kubernetes/oof/components/oof-templates/requirements.yaml b/kubernetes/oof/components/oof-templates/requirements.yaml new file mode 100755 index 0000000000..b93260a4fa --- /dev/null +++ b/kubernetes/oof/components/oof-templates/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl new file mode 100644 index 0000000000..4da128bcbb --- /dev/null +++ b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl @@ -0,0 +1,11 @@ +{{- define "oof.certificate.volume" -}} +- name: {{ include "common.fullname" . }}-onap-certs + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }} + items: + - key: aaf_root_ca.cer + path: aaf_root_ca.cer + - key: intermediate_root_ca.pem + path: intermediate_root_ca.pem +{{- end -}} + diff --git a/kubernetes/oof/components/oof-templates/values.yaml b/kubernetes/oof/components/oof-templates/values.yaml new file mode 100644 index 0000000000..a97238e9af --- /dev/null +++ b/kubernetes/oof/components/oof-templates/values.yaml @@ -0,0 +1,14 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml index ebd2d8ffee..2d1f9b3596 100755 --- a/kubernetes/oof/requirements.yaml +++ b/kubernetes/oof/requirements.yaml @@ -28,3 +28,6 @@ dependencies: version: ~6.x-0 repository: 'file://components/oof-has' condition: oof-has.enabled + - name: oof-templates + version: ~6.x-0 + repository: 'file://components/oof-templates' diff --git a/kubernetes/oof/resources/config/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer index e9a50d7ea0..e9a50d7ea0 100755 --- a/kubernetes/oof/resources/config/aaf_root_ca.cer +++ b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..b67866d160 --- /dev/null +++ b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- + diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 7e8fe5dc72..1109ab8167 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -5,7 +5,7 @@ osdf_system: external: 8698 # clients use this port on DockerHost osdf_ip_default: 0.0.0.0 # # Important Note: At deployment time, we need to ensure the port mapping is done - ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key'] + ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key'] osdf_temp: # special configuration required for "workarounds" or testing local_policies: @@ -67,6 +67,9 @@ references: resource_sharing_level: source: request value: serviceProfile.resourceSharingLevel + slice_scope: + source: request + value: slice_scope reuse_preference: source: request value: preferReuse @@ -86,10 +89,11 @@ policy_info: policy_scope: - scope: - - get_param: resource_sharing_level - - get_param: reuse_preference + - get_param: slice_scope services: - get_param: service_name + resources: + - get_param: service_name subnet_selection: policy_fetch: by_scope @@ -98,6 +102,8 @@ policy_info: - OSDF_GUILIN services: - get_param: service_name + resources: + - get_param: service_name placement: policy_fetch: by_scope diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/conf/log.yml index 3966ea28c0..3966ea28c0 100644 --- a/kubernetes/oof/resources/config/log.yml +++ b/kubernetes/oof/resources/config/conf/log.yml diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index 5c9aa2bb64..5c9aa2bb64 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml index 75f7e42277..7176f138c9 100644 --- a/kubernetes/oof/templates/configmap.yaml +++ b/kubernetes/oof/templates/configmap.yaml @@ -24,4 +24,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 76d1a62604..cbf4156d23 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -73,6 +73,14 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt + ./osdfapp.sh -x osdfapp.py ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -99,8 +107,11 @@ spec: name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer - name: {{ include "common.fullname" . }}-config + name: {{ include "common.fullname" . }}-onap-certs subPath: aaf_root_ca.cer + - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml @@ -129,11 +140,10 @@ spec: items: - key: osdf_config.yaml path: osdf_config.yaml - - key: aaf_root_ca.cer - path: aaf_root_ca.cer - key: common_config.yaml path: common_config.yaml - key: log.yml path: log.yml +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 0dc035494b..bce02d42b1 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -21,12 +21,25 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/config/certs/intermediate_root_ca.pem + - resources/config/certs/aaf_root_ca.cer + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:3.0.0 +image: onap/optf-osdf:3.0.1 pullPolicy: Always # flag to enable debugging - application support required @@ -161,3 +174,4 @@ oof-cmso: enabled: true oof-has: enabled: true + certSecret: *oof-certs diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile index d3fa8b70d1..c5dd3f2df5 100644 --- a/kubernetes/platform/Makefile +++ b/kubernetes/platform/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile index cf69fa68be..2fd1980ed0 100644 --- a/kubernetes/platform/components/Makefile +++ b/kubernetes/platform/components/Makefile @@ -19,8 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -34,19 +35,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/policy/Makefile b/kubernetes/policy/Makefile index 8af301d7ae..4c79718d02 100755 --- a/kubernetes/policy/Makefile +++ b/kubernetes/policy/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/policy/components/Makefile b/kubernetes/policy/components/Makefile index 2fc0cbe4ab..bf267b7720 100755 --- a/kubernetes/policy/components/Makefile +++ b/kubernetes/policy/components/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 9b9a7a5a93..8d31575a3f 100755 --- a/kubernetes/policy/components/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -54,7 +54,7 @@ "parameters":{ "asdcAddress": "sdc-be:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "${SDCBE_USER}", "password": "${SDCBE_PASSWORD}", diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile index 248fb056ab..89b2f465ec 100644 --- a/kubernetes/portal/Makefile +++ b/kubernetes/portal/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile index 02371366f6..d62cb0b700 100644 --- a/kubernetes/portal/components/Makefile +++ b/kubernetes/portal/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile index 3dab31fad0..8737bd208e 100644 --- a/kubernetes/sdc/Makefile +++ b/kubernetes/sdc/Makefile @@ -18,9 +18,10 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -34,20 +35,20 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile index 0d5b9e0c1f..577fd95b4c 100644 --- a/kubernetes/sdc/components/Makefile +++ b/kubernetes/sdc/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index 1518f3c3c6..32b3b728d7 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -19,8 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -34,19 +35,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile index c38171c1e5..313cca8c27 100644 --- a/kubernetes/sdnc/components/Makefile +++ b/kubernetes/sdnc/components/Makefile @@ -19,8 +19,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -34,19 +35,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/so/Makefile b/kubernetes/so/Makefile index 8af301d7ae..4c79718d02 100644 --- a/kubernetes/so/Makefile +++ b/kubernetes/so/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/so/components/Makefile b/kubernetes/so/components/Makefile index 4bf77eecf1..f2e7a1fb82 100644 --- a/kubernetes/so/components/Makefile +++ b/kubernetes/so/components/Makefile @@ -18,6 +18,7 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := soHelpers +HELM_BIN := helm HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -32,15 +33,15 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi - @helm repo index $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml index 64fd243a27..52f8276844 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -17,6 +17,22 @@ aai: version: v19 endpoint: https://aai.{{ include "common.namespace" . }}:8443 spring: + datasource: + hikari: + camunda: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: bpmn-pool + registerMbeans: true + nfvo: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo + username: ${DB_ADMIN_USERNAME} + password: ${DB_ADMIN_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: nfvo-pool + registerMbeans: true security: usercredentials: - username: ${ETSI_NFVO_USERNAME} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index fbba76f13f..45668eda98 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -51,6 +51,24 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} - name: ETSI_NFVO_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} {{ include "so.certificates.env" . | indent 12 | trim }} envFrom: - configMapRef: diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml index 79a8276df4..6af61820db 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -40,6 +40,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' login: '{{ .Values.etsi.nfvo.nslcm.username }}' password: '{{ .Values.etsi.nfvo.nslcm.password }}' + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -50,6 +62,13 @@ pullPolicy: Always aai: auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret etsi: nfvo: nslcm: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 0d3b3927ec..0a9dbf4f4e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -26,7 +26,7 @@ global: mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera - servicePort: "3306" + servicePort: '3306' # mariadbRootPassword: secretpassword # rootPasswordExternalSecret: some secret #This flag allows SO to instantiate its own mariadb-galera cluster, @@ -87,7 +87,7 @@ secrets: passwordPolicy: required annotations: helm.sh/hook: pre-upgrade,pre-install - helm.sh/hook-weight: "0" + helm.sh/hook-weight: '0' helm.sh/hook-delete-policy: before-hook-creation - uid: db-user-creds name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds' @@ -103,7 +103,7 @@ secrets: login: '{{ .Values.dbCreds.adminName }}' password: '{{ .Values.dbCreds.adminPassword }}' passwordPolicy: generate - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: &so-certs '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic @@ -219,11 +219,11 @@ mariadb-galera: ingress: enabled: false service: - - baseaddr: "so.api" - name: "so" + - baseaddr: 'so.api' + name: 'so' port: 8080 config: - ssl: "none" + ssl: 'none' mso: adapters: @@ -261,6 +261,8 @@ so-catalog-db-adapter: so-etsi-nfvo-ns-lcm: enabled: true + db: + <<: *dbSecrets so-monitoring: enabled: true diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml index ae83c05d29..cc8d682acd 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml @@ -28,7 +28,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/huawei:1.3.6 +image: onap/vfc/nfvo/svnfm/huawei:1.3.8 pullPolicy: Always #Istio sidecar injection policy |