diff options
Diffstat (limited to 'kubernetes')
55 files changed, 478 insertions, 45 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile index 7150f10c1f..faa96df811 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -28,9 +28,9 @@ endif SUBMODS := robot aai EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS) -HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART) +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(SUBMODS) $(PARENT_CHART) -.PHONY: $(EXCLUDES) $(HELM_CHARTS) $(SUBMODS) +.PHONY: $(EXCLUDES) $(HELM_CHARTS) all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml index 3f7782c604..dd04c93bd7 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml @@ -46,8 +46,8 @@ flavor: small resources: small: limits: - cpu: 20m - memory: 50Mi + cpu: 50m + memory: 100Mi requests: cpu: 10m memory: 10Mi diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/charts/cds-py-executor/Chart.yaml new file mode 100755 index 0000000000..41b43c34a3 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP CDS Py Executor +name: cds-py-executor +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/charts/cds-py-executor/requirements.yaml new file mode 100755 index 0000000000..676fe8f6b2 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml new file mode 100755 index 0000000000..f9c3377dd8 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml @@ -0,0 +1,90 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + command: + - bash + args: + - '-c' + - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh' + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + env: + - name: APP_PORT + value: {{ .Values.config.appPort }} + - name: AUTH_TYPE + value: {{ .Values.config.authType }} + - name: API_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + - name: LOG_FILE + value: {{ .Values.config.logFile }} + - name: ARTIFACT_MANAGER_PORT + value: {{ .Values.config.artifactManagerPort }} + - name: ARTIFACT_MANAGER_SERVER_LOG_FILE + value: {{ .Values.config.artifactManagerLogFile }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: {{ .Values.persistence.deployedBlueprint }} + name: {{ include "common.fullname" . }}-blueprints + resources: +{{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + # Py executor shares the blueprintsprocessor storage (for now) to + # share uploaded CBA files. In the future it will be deprecated + # when all parts of the CDS will make use of Artifact Manager + - name: {{ include "common.fullname" . }}-blueprints + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-cds-blueprints + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml new file mode 100644 index 0000000000..c36607b172 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml new file mode 100755 index 0000000000..1267791b6c --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml new file mode 100755 index 0000000000..206ae10a75 --- /dev/null +++ b/kubernetes/cds/charts/cds-py-executor/values.yaml @@ -0,0 +1,120 @@ +# Copyright (c) 2020 Bell Canada, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific lan`guage governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image repositories + repository: nexus3.onap.org:10001 + + # readiness check + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + # image pull policy + pullPolicy: Always + + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/ccsdk-py-executor:0.7.2 +pullPolicy: Always + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + port: 50052 + initialDelaySeconds: 20 + periodSeconds: 20 + timeoutSeconds: 20 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + port: 50052 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 20 + +service: + type: ClusterIP + ports: + - port: 50052 + name: executor-grpc + - port: 50053 + name: manager-grpc + +secrets: + - uid: api-credentials + externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}' + type: basicAuth + login: '{{ .Values.config.apiUsername }}' + password: '{{ .Values.config.apiPassword }}' + passwordPolicy: required + +config: + # the api credentials below are used to authenticate communication with blueprint + # processor API. Py executor in this context is a client of the blueprint processor + apiUsername: ccsdkapps + apiPassword: ccsdkapps + env: + appPort: 50052 + authType: tls-auth + logFile: /dev/stdout + artifactManagerPort: 50053 + artifactManagerLogFile: /dev/stdout + +persistence: + enabled: true + mountSubPath: cds/blueprints/deploy + deployedBlueprint: /opt/app/onap/blueprints/deploy + +ingress: + enabled: false + +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 5bd503e0ff..941c2f84df 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,7 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -49,4 +49,4 @@ clean: @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) %: - @:
\ No newline at end of file + @: diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml index bab2c4befc..90e6621aa3 100644 --- a/kubernetes/common/cassandra/requirements.yaml +++ b/kubernetes/common/cassandra/requirements.yaml @@ -16,4 +16,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 7d56bf28ef..4735901dfa 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../common' diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml index ff65593469..e9a5a5f61a 100644 --- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml index 6a61926e9e..a1f72ffc60 100644 --- a/kubernetes/common/elasticsearch/components/data/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml index 6a61926e9e..a1f72ffc60 100644 --- a/kubernetes/common/elasticsearch/components/master/requirements.yaml +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml index 84fa71c6e6..8a02fef7b7 100644 --- a/kubernetes/common/elasticsearch/requirements.yaml +++ b/kubernetes/common/elasticsearch/requirements.yaml @@ -15,7 +15,7 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' - name: master version: ~6.x-0 repository: 'file://components/master' @@ -27,4 +27,3 @@ dependencies: version: ~6.x-0 repository: 'file://components/curator' condition: elasticsearch.curator.enabled,curator.enabled - diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml index facbc4434e..e90e615d73 100644 --- a/kubernetes/common/etcd/requirements.yaml +++ b/kubernetes/common/etcd/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml index f99477141f..6ba617e990 100644 --- a/kubernetes/common/mongo/requirements.yaml +++ b/kubernetes/common/mongo/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/charts/music-cassandra/requirements.yaml index 38536fcd78..0a80d654d0 100644 --- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml +++ b/kubernetes/common/music/charts/music-cassandra/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../../../common' diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml index a7089ea6b3..1c428d214e 100644 --- a/kubernetes/common/music/requirements.yaml +++ b/kubernetes/common/music/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml index 8152196ab5..8c2277c210 100644 --- a/kubernetes/common/network-name-gen/requirements.yaml +++ b/kubernetes/common/network-name-gen/requirements.yaml @@ -15,12 +15,12 @@ dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-galera'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-init'
condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml index 76afd96b98..6f898b6171 100644 --- a/kubernetes/common/postgres/requirements.yaml +++ b/kubernetes/common/postgres/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 5fcd916989..a9cac8beac 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -107,7 +107,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 9bee0510cd..8a03e90333 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -65,6 +65,19 @@ spec: volumeMounts: - mountPath: /opt/app/osaaf name: tls-info + {{- if .Values.persistence.enabled }} + - name: remove-lost-found + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /cfy-persist + name: cm-persistent + command: + - /bin/sh + args: + - -c + - "rm -rf '/cfy-persist/lost+found';" + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 25ddfc7558..aff40d4a6a 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -22,5 +22,7 @@ global: tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + busyboxRepository: docker.io + busyboxImage: library/busybox:1.30 redis: replicaCount: 6 diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 5c32d9950d..8b44e160ba 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -144,6 +144,7 @@ service: type: NodePort name: dmaap-dr-node useNodePortExt: true + both_tls_and_plain: true annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" ports: diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index a278a47e4a..30ca493775 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -62,7 +62,7 @@ mariadb-galera: flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.5 +image: onap/modeling/etsicatalog:1.0.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 0126c6e06b..3552b2e2f6 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -82,7 +82,7 @@ ingress: # Default installation values to be overridden server: - jvmOpts: -server -Xms1024m -Xmx2048m + jvmOpts: -server -XshowSettings:vm aaf: enabled: "false" diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json index 906263343a..4c42ed2353 100644 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json @@ -21,8 +21,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https":true }, "receptionHandlerParameters":{ @@ -61,8 +61,8 @@ "messageBusAddress": [ "message-router" ], - "user": "policy", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", + "user": "${SDCBE_USER}", + "password": "${SDCBE_PASSWORD}", "pollingInterval":20, "pollingTimeout":30, "consumerId": "policy-id", @@ -107,14 +107,14 @@ "apiParameters": { "hostName": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34" + "userName": "${API_USER}", + "password": "${API_PASSWORD}" }, "papParameters": { "hostName": "policy-pap", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34" + "userName": "${PAP_USER}", + "password": "${PAP_PASSWORD}" }, "isHttps": true, "deployPolicies": true diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml index 65961d8f8b..b3b017acd3 100644 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml @@ -16,6 +16,37 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }} + - name: SDCBE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }} + - name: SDCBE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: distributionconfig-input + - mountPath: /config + name: distributionconfig + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,9 +89,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: distributionconfig + - name: distributionconfig-input configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: distributionconfig + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 835bfc4656..c8d24e5563 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -18,10 +18,40 @@ # ============LICENSE_END========================================================= ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: apiparameters-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}' + login: '{{ .Values.apiParameters.user }}' + password: '{{ .Values.apiParameters.password }}' + passwordPolicy: required + - uid: papparameters-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}' + login: '{{ .Values.papParameters.user }}' + password: '{{ .Values.papParameters.password }}' + passwordPolicy: required + - uid: sdcbe-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}' + login: '{{ .Values.sdcBe.user }}' + password: '{{ .Values.sdcBe.password }}' + passwordPolicy: required + +################################################################# # Global configuration defaults. ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. @@ -36,6 +66,19 @@ debugEnabled: false # application configuration +restServer: + user: healthcheck + password: zb!XztG34 +apiParameters: + user: healthcheck + password: zb!XztG34 +papParameters: + user: healthcheck + password: zb!XztG34 +sdcBe: + user: policy + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties index f2c2cd7765..c7e4ad197e 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 9ac5d68a89..bd126b810b 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} @@ -45,6 +45,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} - name: API_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: pdpxconfig @@ -59,11 +63,6 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] - env: - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 8d18fd0dbd..01bc0dab93 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -32,7 +32,7 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:3.2.0 +image: onap/portal-app:3.2.1 pullPolicy: Always #AAF local config diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index 13b319c76a..7502e9322a 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -78,7 +78,7 @@ update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7ML /* Replace spaces with underscores for role names to match AAF role names */ -UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y'; +UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999); /* diff --git a/kubernetes/robot b/kubernetes/robot -Subproject c81062626b69160145baac5e6a5d670cb67211f +Subproject 4a50a3b035623ab285263a9ebed5d98f33bc65f diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile index d634a8c506..e4b5dda95d 100644 --- a/kubernetes/sdnc/Makefile +++ b/kubernetes/sdnc/Makefile @@ -18,8 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := -HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) +EXCLUDES := dist resources templates charts +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -48,4 +48,4 @@ clean: @rm -f *tgz */charts/*tgz @rm -rf $(PACKAGE_DIR) %: - @:
\ No newline at end of file + @: diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile new file mode 100644 index 0000000000..4e737638a6 --- /dev/null +++ b/kubernetes/sdnc/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# FIXME OOM-765 +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/sdnc/sdnc-prom/Chart.yaml b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml index 54fb337f04..54fb337f04 100644 --- a/kubernetes/sdnc/sdnc-prom/Chart.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml diff --git a/kubernetes/sdnc/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml index e4c7240290..e4c7240290 100644 --- a/kubernetes/sdnc/sdnc-prom/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index fb24653129..fb24653129 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh index 8dd84bd3ea..8dd84bd3ea 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh index c93ba24bd7..c93ba24bd7 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster index bdfa1a440b..bdfa1a440b 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch index 209352c4e3..209352c4e3 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover index e78b7eeee3..e78b7eeee3 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor index 0042ac368a..0042ac368a 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh index f13196e7e8..f13196e7e8 100755 --- a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/config.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json index 54f95c140c..54f95c140c 100644 --- a/kubernetes/sdnc/sdnc-prom/resources/config/config.json +++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json index ea8ceccc0c..ea8ceccc0c 100644 --- a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json +++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json diff --git a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml index 927bb1e5be..927bb1e5be 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml diff --git a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml index 7492b5501e..7492b5501e 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml diff --git a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml index bef2d6a85f..bef2d6a85f 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml diff --git a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml index 9933852f16..9933852f16 100644 --- a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml diff --git a/kubernetes/sdnc/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml index 7216e81abf..7216e81abf 100644 --- a/kubernetes/sdnc/sdnc-prom/values.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml |