diff options
Diffstat (limited to 'kubernetes')
54 files changed, 585 insertions, 476 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index a5e354053a..84bd723aad 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -45,8 +45,7 @@ ngi@ngi.onap.org|ngi|local|/opt/app/osaaf/local||mailto:|org.onap.ngi|root|30|{' oof@oof.onap.org|oof.api.simpledemo.onap.org|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-opteng', 'oof-opteng.onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} oof@oof.onap.org|oof|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} oof@oof.onap.org|oof.onap|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-cmso', 'oof-cmso-optimizer', 'oof-cmso-ticketmgt', 'oof-cmso-topology', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-opteng', 'oof-opteng.onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} -policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|60|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-api', 'policy-api.onap', 'policy-distribution', 'policy-distribution.onap', 'policy-pap', 'policy-pap.onap', 'policy-xacml-pdp', 'policy-xacml-pdp.onap', 'policy.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} -policy@policy.onap.org|policy_onap|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|30|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-distribution', 'policy-distribution.onap', 'policy.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} +policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|60|{'policy-drools-pdp', 'policy-drools-pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-api', 'policy-api.onap', 'policy-distribution', 'policy-distribution.onap', 'policy-pap', 'policy-pap.onap', 'policy-xacml-pdp', 'policy-xacml-pdp.onap', 'policy.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'} portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} refrepo@refrepo.onap.org|refrepo|local|/opt/app/osaaf/local||mailto:|org.onap.refrepo|root|30|{'refrepo', 'refrepo.api.simpledemo.onap.org', 'refrepo.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh index a8105345f7..7f271d262f 100644 --- a/kubernetes/common/cassandra/resources/restore.sh +++ b/kubernetes/common/cassandra/resources/restore.sh @@ -41,7 +41,7 @@ then print_usage fi -while [[ $# -gt 0 ]] +while [ $# -gt 0 ] do key="$1" shift diff --git a/kubernetes/common/etcd-init/.helmignore b/kubernetes/common/etcd-init/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/common/etcd-init/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/common/etcd-init/Chart.yaml b/kubernetes/common/etcd-init/Chart.yaml new file mode 100644 index 0000000000..20f5ac40cc --- /dev/null +++ b/kubernetes/common/etcd-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for etcd init job +name: etcd-init +version: 8.0.0 diff --git a/kubernetes/common/etcd-init/requirements.yaml b/kubernetes/common/etcd-init/requirements.yaml new file mode 100644 index 0000000000..008789b822 --- /dev/null +++ b/kubernetes/common/etcd-init/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~8.x-0 + repository: 'file://../common' + - name: repositoryGenerator + version: ~8.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml new file mode 100644 index 0000000000..69bcfaaf99 --- /dev/null +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -0,0 +1,104 @@ +{{/* +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: {{ .Values.backoffLimit }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - {{ .Values.etcd.containerName }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -ec + - | + # Create users + export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT} + export ETCDCTL_API=3 + echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false + echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false + + # Create roles + etcdctl role add ${APP_ROLE} + etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX} + + etcdctl user grant-role ${APP_USER} ${APP_ROLE} + etcdctl auth enable + env: + - name: ALLOW_NONE_AUTHENTICATION + value: "yes" + - name: ETCD_HOST + value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}" + - name: ETCD_PORT + value: "{{ .Values.etcd.port }}" + - name: ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }} + - name: APP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }} + - name: APP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }} + - name: APP_ROLE + value: "{{ .Values.config.appRole }}" + - name: KEY_PREFIX + value: "{{ .Values.config.keyPrefix }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/etcd-init/templates/secret.yaml b/kubernetes/common/etcd-init/templates/secret.yaml new file mode 100644 index 0000000000..e874185693 --- /dev/null +++ b/kubernetes/common/etcd-init/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml new file mode 100644 index 0000000000..c99c9f1e5b --- /dev/null +++ b/kubernetes/common/etcd-init/values.yaml @@ -0,0 +1,74 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: root-password + type: password + externalSecret: '{{ tpl (default "" .Values.config.userRootSecret) . }}' + password: '{{ .Values.config.userRootPassword }}' + - uid: app-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.appUser }}' + password: '{{ .Values.config.appPassword }}' + +################################################################# +# Application configuration defaults. +################################################################# + +image: bitnami/etcd:3.3.15 +pullPolicy: Always +backoffLimit: 20 + +nodeSelector: {} + +affinity: {} + +etcd: + serviceName: k8s-etcd + port : 2379 + containerName: k8s-etcd + +config: + userRootSecret: root +# userCredentialsExternalSecret: + appUser: user + appRole: role + keyPrefix: key + +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index a343d4fce5..48c8b6d0cc 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -49,7 +49,7 @@ spec: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} containers: - - name: {{ include "common.fullname" . }} + - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" ports: diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh index 040adec23d..590d651f87 100755 --- a/kubernetes/config/prepull_docker.sh +++ b/kubernetes/config/prepull_docker.sh @@ -102,7 +102,7 @@ do for line in `parse_yaml $filename` do #skiping commented line - if [[ ${line:0:1} != '#' ]]; then + if [ "${line:0:1}" != '#' ]; then #find all image subtag inside converted values.yaml file's lines if echo $line | grep -q $IMAGE_TEXT ; then #find imageName inside line diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh index 1a75bd7a85..67bbfd6c6f 100755 --- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -86,9 +86,11 @@ deploy() { target_machine_notice_info } -if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then +if [ $# -eq 1 ] && [ "$1" = "-h" ]; then usage -elif [[ $# -eq 1 ]] && [[ $1 = "--info" ]]; then +elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then + usage +elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then target_machine_notice_info else deploy $@ diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh index 44fe79a0c6..bf2bc121a7 100755 --- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh +++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh @@ -76,9 +76,11 @@ manual_configuration() { generate_config_map $@ } -if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then +if [ $# -eq 1 ] && [ "$1" = "-h" ]; then usage -elif [[ $# -eq 0 ]]; then +if [ $# -eq 1 ] && [ "$1" = "--help" ]; then + usage +elif [ $# -eq 0 ]; then automatic_configuration else manual_configuration $@ diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh index 7950e0cc88..2ee123b36a 100755 --- a/kubernetes/contrib/tools/rke/rke_setup.sh +++ b/kubernetes/contrib/tools/rke/rke_setup.sh @@ -344,7 +344,7 @@ while getopts ":b:s:e:u:l:k:v" PARAM; do esac done -if [[ -z $BRANCH ]]; then +if [ -z $BRANCH ]; then usage exit 1 fi diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 5de526288e..310d9ae662 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -274,6 +274,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} env: + {{- range $cred := .Values.credentials }} + - name: {{ $cred.name }} + {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }} + {{- end }} {{- if $certDir }} - name: DCAE_CA_CERTPATH value: {{ $certDir }}/cacert.pem @@ -317,6 +321,8 @@ spec: volumeMounts: - mountPath: /app-config name: app-config + - mountPath: /app-config-input + name: app-config-input {{- if $logDir }} - mountPath: {{ $logDir}} name: component-log @@ -324,7 +330,7 @@ spec: {{- if $certDir }} - mountPath: {{ $certDir }} name: tls-info - {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}} {{- end -}} {{- end }} @@ -422,7 +428,7 @@ spec: {{- if $certDir }} - emptyDir: {} name: tls-info - {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "common.certManager.volumesReadOnly" . | nindent 6 }} {{- end }} {{- end }} @@ -443,7 +449,7 @@ spec: */}} {{- define "dcaegen2-services-common._certPostProcessor" -}} {{- $certDir := default "" .Values.certDirectory . -}} - {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{- $cmpv2Certificate := (index .Values.certificates 0) -}} {{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}} {{- $certType := "pem" -}} @@ -480,3 +486,16 @@ spec: value: {{ $keystoreDestinationPaths | quote }} {{- end }} {{- end -}} + +{{/* + Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements) + when they shouldn't. Example use: + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} + +*/}} +{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}} + {{- $certDir := default "" .Values.certDirectory . -}} + {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}} + true + {{- end -}} +{{- end -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml index 0db2138a4f..12a05885ca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index bb65f37f73..223789a75f 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -65,8 +65,13 @@ secrets: passwordPolicy: required # CMPv2 certificate -# It is used only when global parameter cmpv2Enabled is true +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - global CertManagerIntegration flag is set to true +# - flag useCmpv2Certificates is set to true # Disabled by default +useCmpv2Certificates: false certificates: - mountPath: /etc/ves-hv/ssl/external commonName: dcae-hv-ves-collector diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml index 0db2138a4f..12a05885ca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index a675db6797..9e08ea1a69 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -58,8 +58,13 @@ certDirectory: /opt/app/dcae-certificate tlsServer: true # CMPv2 certificate -# It is used only when global parameter cmpv2Enabled is true +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - global CertManagerIntegration flag is set to true +# - flag useCmpv2Certificates is set to true # Disabled by default +useCmpv2Certificates: false certificates: - mountPath: /opt/app/dcae-certificate/external commonName: dcae-ves-collector diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 0d434ad877..ce8e80225f 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -49,14 +49,14 @@ generate_overrides() { for index in "${!SUBCHART_NAMES[@]}"; do START=${SUBCHART_NAMES[index]} END=${SUBCHART_NAMES[index+1]} - if [[ $START = "global:" ]]; then + if [ "$START" = "global:" ]; then echo "global:" > $GLOBAL_OVERRIDES cat $COMPUTED_OVERRIDES | sed '/common:/,/consul:/d' \ | sed -n '/^'"$START"'/,/'log:'/p' | sed '1d;$d' >> $GLOBAL_OVERRIDES else SUBCHART_DIR="$CACHE_SUBCHART_DIR/$(echo "$START" |cut -d':' -f1)" - if [[ -d "$SUBCHART_DIR" ]]; then - if [[ -z "$END" ]]; then + if [ -d "$SUBCHART_DIR" ]; then + if [ -z "$END" ]; then cat $COMPUTED_OVERRIDES | sed -n '/^'"$START"'/,/'"$END"'/p' \ | sed '1d;$d' | cut -c3- > $SUBCHART_DIR/subchart-overrides.yaml else @@ -72,11 +72,11 @@ resolve_deploy_flags() { n=${#flags[*]} i=0 ; while [ "$i" -lt "$n" ]; do PARAM=${flags[i]} - if [[ $PARAM = "-f" || \ - $PARAM = "--values" || \ - $PARAM = "--set" || \ - $PARAM = "--set-string" || \ - $PARAM = "--version" ]]; then + if [ "$PARAM" = "-f" ] || \ + [ "$PARAM" = "--values" ] || \ + [ "$PARAM" = "--set" ] || \ + [ "$PARAM" = "--set-string" ] || \ + [ "$PARAM" = "--version" ]; then # skip param and its value i=$((i + 1)) else @@ -89,7 +89,7 @@ resolve_deploy_flags() { deploy() { # validate params - if [[ -z "$1" || -z "$2" ]]; then + if [ -z "$1" ] || [ -z "$2" ]; then usage exit 0 fi @@ -99,7 +99,7 @@ deploy() { FLAGS=${@:3} CHART_REPO="$(echo "$CHART_URL" |cut -d'/' -f1)" CHART_NAME="$(echo "$CHART_URL" |cut -d'/' -f2)" - if [[ $HELM_VER = "v3."* ]]; then + if expr "$HELM_VER" : "v3\..*" ; then CACHE_DIR=~/.local/share/helm/plugins/deploy/cache else CACHE_DIR=~/.helm/plugins/deploy/cache @@ -111,23 +111,23 @@ deploy() { # determine if verbose output is enabled VERBOSE="false" - if [[ $FLAGS = *"--verbose"* ]]; then + if expr "$FLAGS" : ".*--verbose.*" ; then FLAGS="$(echo $FLAGS| sed -n 's/--verbose//p')" VERBOSE="true" fi # determine if delay for deployment is enabled DELAY="false" - if [[ $FLAGS = *"--delay"* ]]; then + if expr "$FLAGS" : ".*--delay.*" ; then FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')" DELAY="true" fi # determine if set-last-applied flag is enabled SET_LAST_APPLIED="false" - if [[ $FLAGS = *"--set-last-applied"* ]]; then + if expr"$FLAGS" : ".*--set-last-applied.*" ; then FLAGS="$(echo $FLAGS| sed -n 's/--set-last-applied//p')" SET_LAST_APPLIED="true" fi - if [[ $FLAGS = *"--dry-run"* ]]; then + if expr "$FLAGS" : ".*--dry-run.*" ; then VERBOSE="true" FLAGS="$FLAGS --debug" fi @@ -150,7 +150,7 @@ deploy() { SUBCHART_RELEASE="$(echo "$RELEASE" |cut -d'-' -f2)" # update specified subchart without parent RELEASE="$(echo "$RELEASE" |cut -d'-' -f1)" - if [[ $SUBCHART_RELEASE = $RELEASE ]]; then + if [ "$SUBCHART_RELEASE" = "$RELEASE" ]; then SUBCHART_RELEASE= fi @@ -158,7 +158,7 @@ deploy() { rm -rf $CACHE_DIR # fetch umbrella chart (parent chart containing subcharts) - if [[ -d "$CHART_URL" ]]; then + if [ -d "$CHART_URL" ]; then mkdir -p $CHART_DIR cp -R $CHART_URL/* $CHART_DIR/ @@ -195,20 +195,20 @@ deploy() { generate_overrides $COMPUTED_OVERRIDES $GLOBAL_OVERRIDES # upgrade/install parent chart first - if [[ -z "$SUBCHART_RELEASE" ]]; then + if [ -z "$SUBCHART_RELEASE" ]; then LOG_FILE=$LOG_DIR/${RELEASE}.log :> $LOG_FILE helm upgrade -i $RELEASE $CHART_DIR $DEPLOY_FLAGS -f $COMPUTED_OVERRIDES \ > $LOG_FILE.log 2>&1 - if [[ $VERBOSE = "true" ]]; then + if [ "$VERBOSE" = "true" ]; then cat $LOG_FILE else echo "release \"$RELEASE\" deployed" fi # Add annotation last-applied-configuration if set-last-applied flag is set - if [[ $SET_LAST_APPLIED = "true" ]]; then + if [ "$SET_LAST_APPLIED" = "true" ]; then helm get manifest ${RELEASE} \ | kubectl apply set-last-applied --create-annotation -n onap -f - \ > $LOG_FILE.log 2>&1 @@ -224,12 +224,12 @@ deploy() { SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml SUBCHART_ENABLED=0 - if [[ -f $SUBCHART_OVERRIDES ]]; then + if [ -f $SUBCHART_OVERRIDES ]; then SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") fi - if [[ $SUBCHART_ENABLED -eq 1 ]]; then - if [[ -z "$SUBCHART_RELEASE" || $SUBCHART_RELEASE = "$subchart" ]]; then + if [ $SUBCHART_ENABLED -eq 1 ]; then + if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log :> $LOG_FILE @@ -237,19 +237,19 @@ deploy() { $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \ > $LOG_FILE 2>&1 - if [[ $VERBOSE = "true" ]]; then + if [ "$VERBOSE" = "true" ]; then cat $LOG_FILE else echo "release \"${RELEASE}-${subchart}\" deployed" fi # Add annotation last-applied-configuration if set-last-applied flag is set - if [[ $SET_LAST_APPLIED = "true" ]]; then + if [ "$SET_LAST_APPLIED" = "true" ]; then helm get manifest "${RELEASE}-${subchart}" \ | kubectl apply set-last-applied --create-annotation -n onap -f - \ > $LOG_FILE.log 2>&1 fi fi - if [[ $DELAY = "true" ]]; then + if [ "$DELAY" = "true" ]; then echo sleep 3m sleep 3m fi @@ -257,7 +257,7 @@ deploy() { array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) n=${#array[*]} for i in $(seq $(($n-1)) -1 0); do - if [[ $HELM_VER = "v3."* ]]; then + if expr "$HELM_VER" : "v3\..*" ; then helm del "${array[i]}" else helm del "${array[i]}" --purge @@ -267,7 +267,7 @@ deploy() { done # report on success/failures of installs/upgrades - if [[ $HELM_VER = "v3."* ]]; then + if expr "$HELM_VER" : "v3\..*" ; then helm ls --all-namespaces | grep -i FAILED | grep $RELEASE else helm ls | grep FAILED | grep $RELEASE diff --git a/kubernetes/helm/plugins/undeploy/undeploy.sh b/kubernetes/helm/plugins/undeploy/undeploy.sh index 1689bf1b48..790f84fda9 100755 --- a/kubernetes/helm/plugins/undeploy/undeploy.sh +++ b/kubernetes/helm/plugins/undeploy/undeploy.sh @@ -29,7 +29,7 @@ undeploy() { done } -if [[ $# < 1 ]]; then +if [ $# < 1 ]; then echo "Error: command 'undeploy' requires a release name" exit 0 fi diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 491250c72a..ba4a657c1a 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -55,21 +55,6 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-has-sms-readiness command: - sh @@ -94,7 +79,7 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"] + command: ["/bin/sh","-c"] args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] ports: - containerPort: {{ .Values.uwsgi.internalPort }} @@ -112,7 +97,7 @@ spec: port: {{ .Values.uwsgi.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index d6743cdfda..63461d9c83 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -26,6 +26,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass service: type: NodePort diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 8e0ff1aeb5..895a305b53 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -41,8 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job - --container-name - aaf-sms env: @@ -54,21 +54,6 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-cont-sms-readiness command: - sh @@ -114,7 +99,7 @@ spec: - /usr/local/bin/healthy.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 3cbf96adc1..9e799e1045 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # Secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index f4ccd57773..cc4eaf08b9 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -41,38 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-health-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-healthcheck" + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job env: - name: NAMESPACE valueFrom: @@ -128,7 +98,7 @@ spec: - /usr/local/bin/healthy.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 0940a9db39..915ffc019f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 4d04b6fe76..095162bea2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -41,38 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-health-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-healthcheck" + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job env: - name: NAMESPACE valueFrom: @@ -128,7 +98,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} {{ end -}} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 0940a9db39..915ffc019f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 6079dcfd6e..d664ca0875 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -41,38 +41,8 @@ spec: command: - /app/ready.py args: - - --container-name - - music-springboot - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-onboard-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-onboard" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - - name: {{ include "common.name" . }}-health-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-oof-has-healthcheck" + - --job-name + - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job env: - name: NAMESPACE valueFrom: @@ -128,7 +98,7 @@ spec: - /usr/local/bin/healthy.sh initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - env: + env: {{ include "oof.etcd.env" . | nindent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 0940a9db39..915ffc019f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 ################################################################# # secrets metaconfig @@ -24,6 +24,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: required + +config: + etcd: + appUser: user + appPassword: pass ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/requirements.yaml b/kubernetes/oof/components/oof-has/requirements.yaml index 851211a1fb..7310aac8d0 100755 --- a/kubernetes/oof/components/oof-has/requirements.yaml +++ b/kubernetes/oof/components/oof-has/requirements.yaml @@ -20,6 +20,15 @@ dependencies: - name: music version: ~8.x-0 repository: '@local' + condition: music.enabled + - name: etcd + version: ~8.x-0 + repository: '@local' + condition: etcd.enabled + - name: etcd-init + version: ~8.x-0 + repository: '@local' + condition: etcd-init.enabled - name: oof-has-api version: ~8.x-0 repository: 'file://components/oof-has-api' diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index ded979c4fc..18b60bba4a 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -424,6 +424,30 @@ server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namesp #server_url_version = v0 +[db_options] + +# db_backend to use +db_backend = {{.Values.config.dbBackend}} + +# Use music mock api +music_mock = False + + +[etcd_api] + +# host/ip address of etcd server +host = {{.Values.config.etcd.serviceName}}.{{ include "common.namespace" . }} + +# port of etcd server +port = {{.Values.config.etcd.port}} + +# username for etcd authentication +username = + +# password for etcd authentication +password = + + [music_api] # diff --git a/kubernetes/oof/components/oof-has/resources/config/healthcheck.json b/kubernetes/oof/components/oof-has/resources/config/healthcheck.json deleted file mode 100755 index 833fa0f5d9..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/healthcheck.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "consistencyInfo": { - "type": "eventual" - }, - "values": { - "id": "healthcheck", - "created": 1479482603641, - "message": "", - "name": "foo", - "recommend_max": 1, - "solution": "{\"healthcheck\": \" healthcheck\"}", - "status": "solved", - "template": "{\"healthcheck\": \"healthcheck\"}", - "timeout": 3600, - "translation": "{\"healthcheck\": \" healthcheck\"}", - "updated": 1484324150629 - } -} diff --git a/kubernetes/oof/components/oof-has/resources/config/onboard.json b/kubernetes/oof/components/oof-has/resources/config/onboard.json deleted file mode 100755 index 2c3d69be8d..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/onboard.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "appname": "conductor", - "userId": "conductor", - "isAAF": "false", - "password": "c0nduct0r" -} diff --git a/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml deleted file mode 100755 index 49406ba423..0000000000 --- a/kubernetes/oof/components/oof-has/templates/job-healthcheck.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-healthcheck - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - oof-has-api - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-healthcheck - command: - - "/bin/sh" - - "-c" - - | - echo "INSERT HEALTHCHECK PLAN"; - sleep 15; - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \ - -H "Content-Type: application/json" \ - -H "ns: conductor" \ - -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \ - --data @healthcheck.json); - echo $resp; - sleep 2; - done; - workingDir: /has - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /has/healthcheck.json - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: healthcheck.json - resources: -{{ include "common.resources" . | indent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: healthcheck.json - path: healthcheck.json - restartPolicy: OnFailure - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml deleted file mode 100755 index e63aeb369a..0000000000 --- a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-onboard - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - "music-springboot" - - --container-name - - "music-cassandra" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-music-cassandra-config" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-music-db-readiness - containers: - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard - command: - - "/bin/sh" - - "-c" - - | - echo "job-onboard" - workingDir: /has - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /has/onboard.json - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: onboard.json - resources: -{{ include "common.resources" . | indent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: onboard.json - path: onboard.json - restartPolicy: OnFailure - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 3615a3bd33..9a8b60574e 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.5 + optf_has: onap/optf-has:2.2.0 persistence: enabled: true @@ -32,11 +32,24 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: '{{ .Values.secretsFilePaths }}' + - uid: oof-has-etcd-root-password + name: &root-password '{{ include "common.release" . }}-has-etcd-root-password' + type: password + password: '{{ .Values.config.etcd.rootPassword }}' + policy: generate + - uid: oof-has-etcd-secret + name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.etcd.appUser }}' + password: '{{ .Values.config.etcd.appPassword }}' + passwordPolicy: generate pullPolicy: Always nodePortPrefix: 302 dataRootDir: /dockerdata-nfs config: + dbBackend: etcd aaf: serviceName: aaf-service port: 8100 @@ -58,6 +71,13 @@ config: cps: service: cps-tbdmt port: 8080 + etcd: + serviceName: &etcd-service oof-has-etcd + port: 2379 + appUser: conductor +# rootPassword: +# appPassword: +# userCredentialsExternalSecret: # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) @@ -79,19 +99,59 @@ resources: unlimited: {} #component overrides -oof-has-api: +oof-has-api: &has-config enabled: true certSecret: *oof-certs -oof-has-controller: - enabled: true - certSecret: *oof-certs -oof-has-data: - enabled: true - certSecret: *oof-certs -oof-has-reservation: - enabled: true - certSecret: *oof-certs -oof-has-solver: + config: + etcd: + userCredentialsExternalSecret: *user-creds + configJobNameOverride: &job-name oof-has-etcd-config +oof-has-controller: *has-config +oof-has-data: *has-config +oof-has-reservation: *has-config +oof-has-solver: *has-config +music: + enabled: false + +#etcd subchart configurations +etcd: enabled: true - certSecret: *oof-certs + replicaCount: 3 + nameOverride: &etcd-container oof-has-etcd + service: + name: *etcd-service + persistence: + mountSubPath: oof/etcd/data + enabled: true + flavor: &etcd-flavor large + resources: &etcd-resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} +etcd-init: + enabled: true + nameOverride: *job-name + etcd: + serviceName: *etcd-service + port : 2379 + containerName: *etcd-container + config: + userRootSecret: *root-password + userCredentialsExternalSecret: *user-creds + appRole: conductor + keyPrefix: conductor + flavor: *etcd-flavor + resources: *etcd-resources diff --git a/kubernetes/oof/components/oof-templates/templates/_secret.tpl b/kubernetes/oof/components/oof-templates/templates/_secret.tpl new file mode 100644 index 0000000000..0b04f7120b --- /dev/null +++ b/kubernetes/oof/components/oof-templates/templates/_secret.tpl @@ -0,0 +1,6 @@ +{{- define "oof.etcd.env" -}} +- name: OS_ETCD_API__USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "login") | indent 2 }} +- name: OS_ETCD_API__PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "password") | indent 2 }} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/portal/docker/init/mariadb-client/db_migrate.sh b/kubernetes/portal/docker/init/mariadb-client/db_migrate.sh index 6f62a0ebac..2b90a994c3 100644 --- a/kubernetes/portal/docker/init/mariadb-client/db_migrate.sh +++ b/kubernetes/portal/docker/init/mariadb-client/db_migrate.sh @@ -17,10 +17,10 @@ SQL_DEST_DIR=${SQL_DEST_DIR:-/tmp/sql} DB_PORT=${DB_PORT:-3306} -[[ -z "$SQL_SRC_DIR" ]] && { echo "Error: SQL_SRC_DIR must be provided as an environment variable"; exit 1; } -[[ -z "$DB_USER" ]] && { echo "Error: DB_USER must be provided as an environment variable"; exit 1; } -[[ -z "$DB_PASS" ]] && { echo "Error: DB_PASS must be provided as an environment variable"; exit 1; } -[[ -z "$DB_HOST" ]] && { echo "Error: DB_HOST must be provided as an environment variable"; exit 1; } +[ -z "$SQL_SRC_DIR" ] && { echo "Error: SQL_SRC_DIR must be provided as an environment variable"; exit 1; } +[ -z "$DB_USER" ] && { echo "Error: DB_USER must be provided as an environment variable"; exit 1; } +[ -z "$DB_PASS" ] && { echo "Error: DB_PASS must be provided as an environment variable"; exit 1; } +[ -z "$DB_HOST" ] && { echo "Error: DB_HOST must be provided as an environment variable"; exit 1; } mkdir -p $SQL_DEST_DIR diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh index d48070cf24..099f80ccff 100755 --- a/kubernetes/robot/demo-k8s.sh +++ b/kubernetes/robot/demo-k8s.sh @@ -63,7 +63,7 @@ usage () # Check if execscript flag is used and drop it from input arguments -if [[ "${!#}" = "execscript" ]]; then +if [ "${!#}" = "execscript" ]; then set -- "${@:1:$#-1}" execscript=true fi diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh index 97f4e4d032..15d07fb3ee 100755 --- a/kubernetes/robot/ete-k8s.sh +++ b/kubernetes/robot/ete-k8s.sh @@ -76,7 +76,7 @@ SCRIPTDIR=scripts/etescript ETEHOME=/var/opt/ONAP -if [[ "${!#}" = "execscript" ]]; then +if [ "${!#}" = "execscript" ]; then for script in $(ls -1 "$DIR/$SCRIPTDIR"); do [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" done diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh index 2512e5f7ce..d5e2fa41c3 100755 --- a/kubernetes/robot/eteHelm-k8s.sh +++ b/kubernetes/robot/eteHelm-k8s.sh @@ -44,7 +44,7 @@ SCRIPTDIR=scripts/helmscript ETEHOME=/var/opt/ONAP -if [[ "${!#}" = "execscript" ]]; then +if [ "${!#}" = "execscript" ]; then for script in $(ls -1 "$DIR/$SCRIPTDIR"); do [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script" done diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh index 19864d438c..a93f109085 100755 --- a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh +++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh @@ -35,7 +35,7 @@ copy_package_certs_to_robot () { mkdir "$DIR/$SCRIPTDIR/tmp" cd "$DIR/$SCRIPTDIR/tmp" -if [[ -f rootCA-robot-$SDCVALID.cert && -f package-robot-$SDCVALID.cert && -f package-robot-$SDCINVALID.cert && -f package-private-robot-$SDCVALID.key && -f package-private-robot-$SDCINVALID.key ]]; then +if [ -f rootCA-robot-$SDCVALID.cert ] && [ -f package-robot-$SDCVALID.cert ] && [ -f package-robot-$SDCINVALID.cert ] && [ -f package-private-robot-$SDCVALID.key ] && [ -f package-private-robot-$SDCINVALID.key ]; then echo "All files are present"; else generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 28e9c1369c..346534ce57 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -119,8 +119,7 @@ spec: livenessProbe: httpGet: path: /sdc2/rest/healthCheck - port: {{ .Values.liveness.port }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -128,9 +127,9 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /sdc2/rest/healthCheck + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -138,9 +137,9 @@ spec: failureThreshold: {{ .Values.readiness.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} startupProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /sdc2/rest/healthCheck + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} @@ -160,12 +159,12 @@ spec: fieldPath: status.podIP volumeMounts: - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ + mountPath: /app/jetty/chef-solo/environments/ - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime @@ -178,7 +177,7 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index b9db3f93c8..aaf8fada28 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -64,7 +64,7 @@ spec: - name: {{ include "common.fullname" . }}-environments mountPath: /home/onap/chef-solo/environments/ - name: sdc-logs - mountPath: /var/lib/jetty/logs + mountPath: /home/onap/logs env: - name: ENVNAME value: {{ .Values.env.name }} diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index fc3b53fc50..3e5c58b0bc 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.8.5 -backendInitImage: onap/sdc-backend-init:1.8.5 +image: onap/sdc-backend-all-plugins:1.9.0 +backendInitImage: onap/sdc-backend-init:1.9.0 pullPolicy: Always @@ -90,7 +90,6 @@ liveness: failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - port: api enabled: true readiness: @@ -111,6 +110,7 @@ service: type: NodePort name: sdc-be both_tls_and_plain: true + internalPort: 8080 msb: - port: 8443 url: "/sdc/v1" diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 3422f9d14d..2308f95fb2 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.8.5 -cassandraInitImage: onap/sdc-cassandra-init:1.8.5 +image: onap/sdc-cassandra:1.9.0 +cassandraInitImage: onap/sdc-cassandra-init:1.9.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 0a5c0a3445..407d61c904 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -148,12 +148,12 @@ spec: value: {{ .Values.config.javaOptions }} volumeMounts: - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ + mountPath: /app/jetty/chef-solo/environments/ - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks + mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime @@ -161,7 +161,7 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-configs - mountPath: /var/lib/jetty/config/catalog-fe/plugins-configuration.yaml + mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml subPath: plugins-configuration.yaml - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml @@ -169,7 +169,7 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index dde22b5b55..82afc4d3db 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.8.5 +image: onap/sdc-frontend:1.9.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 7251006d38..257f8b79a5 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -122,9 +122,9 @@ spec: - containerPort: {{ .Values.service.internalPort2 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /onboarding-api/v1.0/healthcheck + port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -132,18 +132,18 @@ spec: failureThreshold: {{ .Values.liveness.failureThreshold }} {{ end }} readinessProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /onboarding-api/v1.0/healthcheck + port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: - exec: - command: - - "/var/lib/jetty/ready-probe.sh" + httpGet: + path: /onboarding-api/v1.0/healthcheck + port: {{ .Values.service.internalPort2 }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} @@ -173,12 +173,12 @@ spec: value: {{ .Values.cert.certDir }} volumeMounts: - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/environments/ + mountPath: /app/jetty/chef-solo/environments/ - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 + mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - name: sdc-environments-output - mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks + mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime @@ -193,7 +193,7 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f26a0208b9..f09958e811 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.8.5 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.5 +image: onap/sdc-onboard-backend:1.9.0 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0 pullPolicy: Always # flag to enable debugging - application support required @@ -141,7 +141,7 @@ persistence: ##Certificate storage persistence ##This is temporary solution for SDC-1980 cert: - certDir: /var/lib/jetty/cert + certDir: /app/jetty/cert persistence: enabled: true size: 10Mi diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 2f2cb6c373..1f9b2d1600 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml @@ -37,4 +37,4 @@ dependencies: - name: sdc-helm-validator version: ~8.x-0 repository: 'file://components/sdc-helm-validator' - condition: sdc-helm-validator.enabled + condition: sdcHelmValidator.enabled diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 79428f73c6..d01f8557f3 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -46,6 +46,14 @@ "VnfRepo": { "vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}", "vnfRepoHost": "refrepo.{{include "common.namespace" .}}" + }, + "HelmValidator": { + "validator_enabled": "{{.Values.sdcHelmValidator.enabled}}", + "helm_version": "{{.Values.sdcHelmValidator.helmVersion}}", + "deployable": "{{.Values.sdcHelmValidator.deployable}}", + "lintable": "{{.Values.sdcHelmValidator.lintable}}", + "strict_lintable": "{{.Values.sdcHelmValidator.strictLintable}}", + "validator_url": "{{.Values.sdcHelmValidator.url}}" } }, "override_attributes": { diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index b7476a584e..cd3dc1e5fd 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -63,5 +63,10 @@ cassandra: # dependency / sub-chart configuration sdc-wfd: enabled: true -sdc-helm-validator: +sdcHelmValidator: enabled: true + helmVersion: 3.5.2 + deployable: true + lintable: false + strictLintable: false + url: http://sdc-helm-validator:8080/validate |