aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/Makefile4
-rw-r--r--kubernetes/aaf/charts/aaf-locate/values.yaml30
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml4
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties6
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml9
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/values.yaml12
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/Chart.yaml18
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/requirements.yaml18
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/deployment.yaml90
-rw-r--r--kubernetes/cds/charts/cds-py-executor/templates/secret.yaml15
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/service.yaml15
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/values.yaml120
-rw-r--r--kubernetes/cds/values.yaml7
-rw-r--r--kubernetes/common/Makefile4
-rw-r--r--kubernetes/common/cassandra/requirements.yaml2
-rw-r--r--kubernetes/common/dgbuilder/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/curator/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/data/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/master/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/requirements.yaml3
-rw-r--r--kubernetes/common/etcd/requirements.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml2
-rw-r--r--kubernetes/common/mongo/requirements.yaml2
-rw-r--r--kubernetes/common/music/charts/music-cassandra/requirements.yaml2
-rw-r--r--kubernetes/common/music/requirements.yaml2
-rw-r--r--kubernetes/common/network-name-gen/requirements.yaml6
-rw-r--r--kubernetes/common/postgres/requirements.yaml2
-rw-r--r--kubernetes/common/postgres/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml13
-rw-r--r--kubernetes/dcaegen2/values.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml1
-rw-r--r--kubernetes/esr/charts/esr-gui/templates/deployment.yaml33
-rw-r--r--kubernetes/esr/charts/esr-server/templates/deployment.yaml29
-rwxr-xr-xkubernetes/helm/plugins/deploy/deploy.sh6
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/values.yaml2
-rw-r--r--kubernetes/policy/charts/drools/values.yaml2
-rw-r--r--kubernetes/policy/charts/policy-distribution/resources/config/config.json16
-rw-r--r--kubernetes/policy/charts/policy-distribution/templates/deployment.yaml36
-rw-r--r--kubernetes/policy/charts/policy-distribution/templates/secrets.yaml15
-rw-r--r--kubernetes/policy/charts/policy-distribution/values.yaml43
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties2
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml11
-rw-r--r--kubernetes/portal/charts/portal-app/values.yaml2
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql2
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdnc/Makefile6
-rw-r--r--kubernetes/sdnc/components/Makefile51
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/Chart.yaml (renamed from kubernetes/sdnc/sdnc-prom/Chart.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/requirements.yaml (renamed from kubernetes/sdnc/sdnc-prom/requirements.yaml)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/resources/config/config.json (renamed from kubernetes/sdnc/sdnc-prom/resources/config/config.json)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json (renamed from kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/configmap.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/deployment.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/pv.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/pvc.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/values.yaml (renamed from kubernetes/sdnc/sdnc-prom/values.yaml)0
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/values.yaml2
-rw-r--r--kubernetes/so/charts/so-monitoring/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-ve-vnfm-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/values.yaml2
-rw-r--r--kubernetes/vnfsdk/resources/config/configuration.xml35
-rw-r--r--kubernetes/vnfsdk/templates/configmap.yaml2
-rw-r--r--kubernetes/vnfsdk/templates/deployment.yaml33
-rw-r--r--kubernetes/vnfsdk/templates/job.yaml6
-rw-r--r--kubernetes/vnfsdk/templates/secrets.yaml16
-rw-r--r--kubernetes/vnfsdk/values.yaml21
83 files changed, 693 insertions, 107 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index 7150f10c1f..ee9e8d980b 100644
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -28,9 +28,9 @@ endif
SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS) $(SUBMODS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml
index 47b2f205e5..01a5ab158a 100644
--- a/kubernetes/aaf/charts/aaf-locate/values.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/values.yaml
@@ -62,18 +62,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 100m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 500m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
index 3f7782c604..dd04c93bd7 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
@@ -46,8 +46,8 @@ flavor: small
resources:
small:
limits:
- cpu: 20m
- memory: 50Mi
+ cpu: 50m
+ memory: 100Mi
requests:
cpu: 10m
memory: 10Mi
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
index 94f3466d9d..05ac61cf57 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
@@ -53,9 +53,9 @@ blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialec
# processor-db endpoint
blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
-blueprintsprocessor.db.processor-db.username=root
-blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD}
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{ .Values.config.sdncDB.dbService }}:{{ .Values.config.sdncDB.dbPort }}/{{.Values.config.sdncDB.dbName}}
+blueprintsprocessor.db.processor-db.username=${SDNC_DB_USERNAME}
+blueprintsprocessor.db.processor-db.password=${SDNC_DB_PASSWORD}
# Python executor
blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
index ac0e9c5f80..161cf28d27 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
@@ -48,15 +48,16 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${SDNC_DB_USERNAME},${SDNC_DB_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
env:
- name: CDS_DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
- name: CDS_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
- - name: CDS_DB_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}}
-
+ - name: SDNC_DB_USERNAME
+ value: root
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-db-root-pass" "key" "password") | indent 10}}
volumeMounts:
- mountPath: /config-input/application.properties
name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index f120f12072..a14dbad99b 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -51,10 +51,10 @@ secrets:
login: '{{ .Values.config.cdsDB.dbUser }}'
password: '{{ .Values.config.cdsDB.dbPassword }}'
passwordPolicy: required
- - uid: 'cds-db-root-pass'
+ - uid: 'sdnc-db-root-pass'
type: password
- externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}'
- password: '{{ .Values.config.cdsDB.dbRootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
+ password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
#################################################################
@@ -72,6 +72,12 @@ debugEnabled: false
config:
appConfigDir: /opt/app/onap/config
useScriptCompileCache: true
+ sdncDB:
+ dbService: mariadb-galera
+ dbPort: 3306
+ dbName: sdnctl
+ #dbRootPass: Custom root password
+ dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
cdsDB:
dbServer: cds-db
dbPort: 3306
diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/charts/cds-py-executor/Chart.yaml
new file mode 100755
index 0000000000..41b43c34a3
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS Py Executor
+name: cds-py-executor
+version: 6.0.0 \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/charts/cds-py-executor/requirements.yaml
new file mode 100755
index 0000000000..676fe8f6b2
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
new file mode 100755
index 0000000000..f9c3377dd8
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
@@ -0,0 +1,90 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: APP_PORT
+ value: {{ .Values.config.appPort }}
+ - name: AUTH_TYPE
+ value: {{ .Values.config.authType }}
+ - name: API_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ - name: LOG_FILE
+ value: {{ .Values.config.logFile }}
+ - name: ARTIFACT_MANAGER_PORT
+ value: {{ .Values.config.artifactManagerPort }}
+ - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
+ value: {{ .Values.config.artifactManagerLogFile }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ # Py executor shares the blueprintsprocessor storage (for now) to
+ # share uploaded CBA files. In the future it will be deprecated
+ # when all parts of the CDS will make use of Artifact Manager
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
new file mode 100644
index 0000000000..c36607b172
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }} \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
new file mode 100755
index 0000000000..1267791b6c
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml
new file mode 100755
index 0000000000..206ae10a75
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/values.yaml
@@ -0,0 +1,120 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific lan`guage governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image repositories
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-py-executor:0.7.2
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ port: 50052
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ port: 50052
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 50052
+ name: executor-grpc
+ - port: 50053
+ name: manager-grpc
+
+secrets:
+ - uid: api-credentials
+ externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
+ type: basicAuth
+ login: '{{ .Values.config.apiUsername }}'
+ password: '{{ .Values.config.apiPassword }}'
+ passwordPolicy: required
+
+config:
+ # the api credentials below are used to authenticate communication with blueprint
+ # processor API. Py executor in this context is a client of the blueprint processor
+ apiUsername: ccsdkapps
+ apiPassword: ccsdkapps
+ env:
+ appPort: 50052
+ authType: tls-auth
+ logFile: /dev/stdout
+ artifactManagerPort: 50053
+ artifactManagerLogFile: /dev/stdout
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 1ead35e234..d04c22beb0 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -38,11 +38,6 @@ secrets:
externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass'
- uid: 'cds-db-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
- password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
#################################################################
# Application configuration defaults.
@@ -86,7 +81,6 @@ mariadb-galera:
userName: sdnctl
# userPassword: sdnctl
userCredentialsExternalSecret: *dbUserSecretName
- mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName
mysqlDatabase: &mysqlDbName sdnctl
nameOverride: &dbServer cds-db
service:
@@ -104,7 +98,6 @@ cds-blueprints-processor:
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
- dbRootPassExternalSecret: *dbRootPasswordSecretName
#Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index 5bd503e0ff..941c2f84df 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -20,7 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
COMMON_CHARTS_DIR := common
EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -49,4 +49,4 @@ clean:
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @: \ No newline at end of file
+ @:
diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml
index bab2c4befc..90e6621aa3 100644
--- a/kubernetes/common/cassandra/requirements.yaml
+++ b/kubernetes/common/cassandra/requirements.yaml
@@ -16,4 +16,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml
index 7d56bf28ef..4735901dfa 100644
--- a/kubernetes/common/dgbuilder/requirements.yaml
+++ b/kubernetes/common/dgbuilder/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../common'
diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
index ff65593469..e9a5a5f61a 100644
--- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml
index 6a61926e9e..a1f72ffc60 100644
--- a/kubernetes/common/elasticsearch/components/data/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml
index 6a61926e9e..a1f72ffc60 100644
--- a/kubernetes/common/elasticsearch/components/master/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
index 84fa71c6e6..8a02fef7b7 100644
--- a/kubernetes/common/elasticsearch/requirements.yaml
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -15,7 +15,7 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: master
version: ~6.x-0
repository: 'file://components/master'
@@ -27,4 +27,3 @@ dependencies:
version: ~6.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
-
diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml
index facbc4434e..e90e615d73 100644
--- a/kubernetes/common/etcd/requirements.yaml
+++ b/kubernetes/common/etcd/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 6decff2463..af08ea3d58 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -129,7 +129,7 @@ ingress:
## Configure MariaDB-Galera with a custom my.cnf file
## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
##
-externalConfig: {}
+externalConfig: ""
# externalConfig: |-
# [mysqld]
# innodb_buffer_pool_size=2G
diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml
index f99477141f..6ba617e990 100644
--- a/kubernetes/common/mongo/requirements.yaml
+++ b/kubernetes/common/mongo/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/charts/music-cassandra/requirements.yaml
index 38536fcd78..0a80d654d0 100644
--- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml
+++ b/kubernetes/common/music/charts/music-cassandra/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml
index a7089ea6b3..1c428d214e 100644
--- a/kubernetes/common/music/requirements.yaml
+++ b/kubernetes/common/music/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml
index 8152196ab5..8c2277c210 100644
--- a/kubernetes/common/network-name-gen/requirements.yaml
+++ b/kubernetes/common/network-name-gen/requirements.yaml
@@ -15,12 +15,12 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-galera'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-init'
condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml
index 76afd96b98..6f898b6171 100644
--- a/kubernetes/common/postgres/requirements.yaml
+++ b/kubernetes/common/postgres/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 10f9405de6..a5a416329b 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -58,9 +58,9 @@ pullPolicy: Always
config:
pgUserName: testuser
pgDatabase: userdb
- pgPrimaryPassword: password
- pgUserPassword: password
- pgRootPassword: password
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
container:
name:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 5fcd916989..a9cac8beac 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -107,7 +107,7 @@ mongo:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 9bee0510cd..8a03e90333 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -65,6 +65,19 @@ spec:
volumeMounts:
- mountPath: /opt/app/osaaf
name: tls-info
+ {{- if .Values.persistence.enabled }}
+ - name: remove-lost-found
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /cfy-persist
+ name: cm-persistent
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - "rm -rf '/cfy-persist/lost+found';"
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index 25ddfc7558..aff40d4a6a 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -22,5 +22,7 @@ global:
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+ busyboxRepository: docker.io
+ busyboxImage: library/busybox:1.30
redis:
replicaCount: 6
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 5c32d9950d..8b44e160ba 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -144,6 +144,7 @@ service:
type: NodePort
name: dmaap-dr-node
useNodePortExt: true
+ both_tls_and_plain: true
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
ports:
diff --git a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml b/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
index 9319485ddf..9c70d327d7 100644
--- a/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
+++ b/kubernetes/esr/charts/esr-gui/templates/deployment.yaml
@@ -31,6 +31,27 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1001
+ fsGroup: 1001
+ initContainers:
+ - command:
+ - cp
+ args:
+ - -r
+ - -T
+ - /home/esr/tomcat
+ - /opt/tomcat
+ securityContext:
+ privileged: true
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: create-tomcat-dir
+ volumeMounts:
+ - name: tomcat-workdir
+ mountPath: /opt/tomcat
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -54,15 +75,23 @@ spec:
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
+ volumeMounts:
+ - name: tomcat-workdir
+ mountPath: /home/esr/tomcat/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
+ nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
+ affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+
+ volumes:
+ - name: tomcat-workdir
+ emptyDir: {}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/esr/charts/esr-server/templates/deployment.yaml b/kubernetes/esr/charts/esr-server/templates/deployment.yaml
index d6704285d0..995a409d8a 100644
--- a/kubernetes/esr/charts/esr-server/templates/deployment.yaml
+++ b/kubernetes/esr/charts/esr-server/templates/deployment.yaml
@@ -31,6 +31,27 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1001
+ fsGroup: 1001
+ initContainers:
+ - command:
+ - cp
+ args:
+ - -r
+ - -T
+ - /home/esr/conf
+ - /opt/conf
+ securityContext:
+ privileged: true
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: create-conf-dir
+ volumeMounts:
+ - name: conf-dir
+ mountPath: /opt/conf
+
containers:
- name: {{ .Chart.Name }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -60,6 +81,8 @@ spec:
readOnly: true
- mountPath: /home/esr/works/logs
name: {{ include "common.fullname" . }}-logs
+ - mountPath: /home/esr/conf
+ name: conf-dir
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -72,6 +95,9 @@ spec:
{{- end }}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
@@ -99,5 +125,8 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
+ - name: conf-dir
+ emptyDir: {}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh
index 3da189b908..bb98a3b95e 100755
--- a/kubernetes/helm/plugins/deploy/deploy.sh
+++ b/kubernetes/helm/plugins/deploy/deploy.sh
@@ -151,9 +151,6 @@ deploy() {
# clear previously cached charts
rm -rf $CACHE_DIR
- # create log driectory
- mkdir -p $LOG_DIR
-
# fetch umbrella chart (parent chart containing subcharts)
if [[ -d "$CHART_URL" ]]; then
mkdir -p $CHART_DIR
@@ -169,6 +166,9 @@ deploy() {
helm fetch $CHART_URL --untar --untardir $CACHE_DIR $VERSION
fi
+ # create log driectory
+ mkdir -p $LOG_DIR
+
# move out subcharts to process separately
mkdir -p $CACHE_SUBCHART_DIR
mv $CHART_DIR/charts/* $CACHE_SUBCHART_DIR/
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
index a278a47e4a..30ca493775 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
@@ -62,7 +62,7 @@ mariadb-galera:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.5
+image: onap/modeling/etsicatalog:1.0.6
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index 0126c6e06b..3552b2e2f6 100644
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -82,7 +82,7 @@ ingress:
# Default installation values to be overridden
server:
- jvmOpts: -server -Xms1024m -Xmx2048m
+ jvmOpts: -server -XshowSettings:vm
aaf:
enabled: "false"
diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json
index 906263343a..4c42ed2353 100644
--- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json
@@ -21,8 +21,8 @@
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https":true
},
"receptionHandlerParameters":{
@@ -61,8 +61,8 @@
"messageBusAddress": [
"message-router"
],
- "user": "policy",
- "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
+ "user": "${SDCBE_USER}",
+ "password": "${SDCBE_PASSWORD}",
"pollingInterval":20,
"pollingTimeout":30,
"consumerId": "policy-id",
@@ -107,14 +107,14 @@
"apiParameters": {
"hostName": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34"
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}"
},
"papParameters": {
"hostName": "policy-pap",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34"
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}"
},
"isHttps": true,
"deployPolicies": true
diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
index 65961d8f8b..b3b017acd3 100644
--- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
@@ -16,6 +16,37 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }}
+ - name: PAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }}
+ - name: PAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }}
+ - name: SDCBE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }}
+ - name: SDCBE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: distributionconfig-input
+ - mountPath: /config
+ name: distributionconfig
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -58,9 +89,12 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: distributionconfig
+ - name: distributionconfig-input
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: distributionconfig
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml
index 835bfc4656..c8d24e5563 100644
--- a/kubernetes/policy/charts/policy-distribution/values.yaml
+++ b/kubernetes/policy/charts/policy-distribution/values.yaml
@@ -18,10 +18,40 @@
# ============LICENSE_END=========================================================
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: apiparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.apiParameters.user }}'
+ password: '{{ .Values.apiParameters.password }}'
+ passwordPolicy: required
+ - uid: papparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.papParameters.user }}'
+ password: '{{ .Values.papParameters.password }}'
+ passwordPolicy: required
+ - uid: sdcbe-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}'
+ login: '{{ .Values.sdcBe.user }}'
+ password: '{{ .Values.sdcBe.password }}'
+ passwordPolicy: required
+
+#################################################################
# Global configuration defaults.
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
@@ -36,6 +66,19 @@ debugEnabled: false
# application configuration
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiParameters:
+ user: healthcheck
+ password: zb!XztG34
+papParameters:
+ user: healthcheck
+ password: zb!XztG34
+sdcBe:
+ user: policy
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
index f2c2cd7765..c7e4ad197e 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 9ac5d68a89..bd126b810b 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -35,7 +35,7 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
@@ -45,6 +45,10 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- name: API_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
@@ -59,11 +63,6 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 8d18fd0dbd..01bc0dab93 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -32,7 +32,7 @@ global:
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.0
+image: onap/portal-app:3.2.1
pullPolicy: Always
#AAF local config
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 13b319c76a..7502e9322a 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -78,7 +78,7 @@ update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7ML
/*
Replace spaces with underscores for role names to match AAF role names
*/
-UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
+UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999);
/*
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject c81062626b69160145baac5e6a5d670cb67211f
+Subproject fc6143a31ef4a55d649f8e5384f661671274331
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile
index d634a8c506..e4b5dda95d 100644
--- a/kubernetes/sdnc/Makefile
+++ b/kubernetes/sdnc/Makefile
@@ -18,8 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+EXCLUDES := dist resources templates charts
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -48,4 +48,4 @@ clean:
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @: \ No newline at end of file
+ @:
diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile
new file mode 100644
index 0000000000..4e737638a6
--- /dev/null
+++ b/kubernetes/sdnc/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# FIXME OOM-765
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/sdnc/sdnc-prom/Chart.yaml b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml
index 54fb337f04..54fb337f04 100644
--- a/kubernetes/sdnc/sdnc-prom/Chart.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
index e4c7240290..e4c7240290 100644
--- a/kubernetes/sdnc/sdnc-prom/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
index fb24653129..fb24653129 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
index 8dd84bd3ea..8dd84bd3ea 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index c93ba24bd7..c93ba24bd7 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
index bdfa1a440b..bdfa1a440b 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
index 209352c4e3..209352c4e3 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
index e78b7eeee3..e78b7eeee3 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
index 0042ac368a..0042ac368a 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
index f13196e7e8..f13196e7e8 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/config.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json
index 54f95c140c..54f95c140c 100644
--- a/kubernetes/sdnc/sdnc-prom/resources/config/config.json
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json
diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json
index ea8ceccc0c..ea8ceccc0c 100644
--- a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json
diff --git a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml
index 927bb1e5be..927bb1e5be 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
index 7492b5501e..7492b5501e 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml
index bef2d6a85f..bef2d6a85f 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml
index 9933852f16..9933852f16 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml
index 7216e81abf..7216e81abf 100644
--- a/kubernetes/sdnc/sdnc-prom/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml
diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml
index b04343feef..71c7ceef1a 100755
--- a/kubernetes/so/charts/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml
@@ -57,7 +57,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.0
+image: onap/so/bpmn-infra:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
index b616abcc06..4d30ae76c2 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
@@ -54,7 +54,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.0
+image: onap/so/catalog-db-adapter:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml
index 910b694245..e3f5c3cc81 100644
--- a/kubernetes/so/charts/so-monitoring/values.yaml
+++ b/kubernetes/so/charts/so-monitoring/values.yaml
@@ -57,7 +57,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.0
+image: onap/so/so-monitoring:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/charts/so-nssmf-adapter/values.yaml
index 44536a8a33..6a5f5fbd30 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/charts/so-nssmf-adapter/values.yaml
@@ -69,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.0
+image: onap/so/nssmf-adapter:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml
index ea8dd0d45d..f2cd74d1c9 100755
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml
@@ -51,7 +51,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.6.0
+image: onap/so/openstack-adapter:1.6.1
pullPolicy: Always
repository: nexus3.onap.org:10001
diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml
index 2f890421e6..9018c099bd 100755
--- a/kubernetes/so/charts/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.0
+image: onap/so/request-db-adapter:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml
index a38e256615..31fdb63b45 100755
--- a/kubernetes/so/charts/so-sdc-controller/values.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/values.yaml
@@ -52,7 +52,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.0
+image: onap/so/sdc-controller:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml
index 42c5d4ddb3..ce42af00b7 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml
@@ -55,7 +55,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.0
+image: onap/so/sdnc-adapter:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
index 1d9854c191..434a3e166f 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
+++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
@@ -37,7 +37,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/ve-vnfm-adapter:1.6.0
+image: onap/so/ve-vnfm-adapter:1.6.1
pullPolicy: Always
replicaCount: 1
service:
diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml
index aa4923a9bd..28ca7016ef 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.0
+image: onap/so/vfc-adapter:1.6.1
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml
index 72efcb4b78..f911e499cd 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml
@@ -40,7 +40,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.0
+image: onap/so/vnfm-adapter:1.6.1
pullPolicy: Always
replicaCount: 1
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index feb0017979..a8910b2a1d 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -137,7 +137,7 @@ dbCreds:
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.0
+image: onap/so/api-handler-infra:1.6.1
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml
new file mode 100644
index 0000000000..6bd4e1c8eb
--- /dev/null
+++ b/kubernetes/vnfsdk/resources/config/configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2017 Huawei Technologies Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE configuration
+PUBLIC "//mybatis.org//DTD Config 3.0//EN"
+"http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+ <environments default="development">
+ <environment id="development">
+ <transactionManager type="JDBC" />
+ <dataSource type="UNPOOLED">
+ <property name="driver" value="org.postgresql.Driver" />
+ <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="username" value="${PG_USER}" />
+ <property name="password" value="${PG_PASSWORD}" />
+ </dataSource>
+ </environment>
+ </environments>
+ <mappers>
+ <mapper resource="mybatis/sql/MarketplaceMapper.xml" />
+ </mappers>
+</configuration>
diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml
index 44d5f41f15..0c39e6e685 100644
--- a/kubernetes/vnfsdk/templates/configmap.yaml
+++ b/kubernetes/vnfsdk/templates/configmap.yaml
@@ -23,4 +23,4 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml
index bd187db286..3f4d6c43eb 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -35,6 +35,25 @@ spec:
spec:
initContainers:
- command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - command:
- /root/ready.py
args:
- --container-name
@@ -54,9 +73,10 @@ spec:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- env:
- - name: POSTGRES_SERVICE_HOST
- value: "$(VNFSDK_DBSET_SERVICE_HOST)"
+ volumes:
+ - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
+ name: init-data
+ subPath: configuration.xml
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -64,3 +84,10 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml
index 2ec7b95772..1d0dd29f59 100644
--- a/kubernetes/vnfsdk/templates/job.yaml
+++ b/kubernetes/vnfsdk/templates/job.yaml
@@ -51,13 +51,15 @@ spec:
image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- name: PGPASSWORD
- value: "{{ .Values.postgres.config.pgUserPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
command:
- /bin/sh
- -c
- |
- psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
+ psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
volumeMounts:
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/kubernetes/vnfsdk/templates/secrets.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/vnfsdk/templates/secrets.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 28dea47cfc..82bef2d4eb 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -22,6 +22,22 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
@@ -50,9 +66,8 @@ postgres:
config:
pgUserName: postgres
pgDatabase: postgres
- pgPrimaryPassword: postgres
- pgUserPassword: postgres
- pgRootPassword: postgres
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
# flag to enable debugging - application support required
debugEnabled: false