aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/Makefile6
-rw-r--r--kubernetes/a1policymanagement/values.yaml2
-rw-r--r--kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml2
-rw-r--r--kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml2
-rw-r--r--kubernetes/aaf/components/aaf-sms/templates/job.yaml1
-rw-r--r--kubernetes/aaf/components/aaf-sms/values.yaml5
-rw-r--r--kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml (renamed from kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml)2
-rw-r--r--kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml5
-rw-r--r--kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml1
-rw-r--r--kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml1
m---------kubernetes/aai0
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/values.yaml38
-rwxr-xr-xkubernetes/cds/charts/cds-command-executor/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/values.yaml2
-rw-r--r--kubernetes/cds/charts/cds-sdc-listener/values.yaml38
-rw-r--r--kubernetes/cds/charts/cds-ui/values.yaml2
-rw-r--r--kubernetes/clamp/Makefile5
-rw-r--r--kubernetes/clamp/components/clamp-backend/resources/config/application.properties4
-rw-r--r--kubernetes/clamp/components/clamp-backend/values.yaml2
-rw-r--r--kubernetes/clamp/components/clamp-dash-es/requirements.yaml3
-rw-r--r--kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml14
-rw-r--r--kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml16
-rw-r--r--kubernetes/clamp/components/clamp-dash-es/values.yaml40
-rw-r--r--kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml3
-rw-r--r--kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml6
-rw-r--r--kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml5
-rw-r--r--kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml3
-rw-r--r--kubernetes/clamp/components/clamp-dash-kibana/values.yaml40
-rw-r--r--kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml3
-rw-r--r--kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf19
-rw-r--r--kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml5
-rw-r--r--kubernetes/clamp/components/clamp-dash-logstash/values.yaml40
-rw-r--r--kubernetes/clamp/values.yaml2
-rw-r--r--kubernetes/common/Makefile2
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml6
-rw-r--r--kubernetes/common/dgbuilder/values.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/data/values.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/master/values.yaml2
-rw-r--r--kubernetes/common/elasticsearch/values.yaml2
-rw-r--r--kubernetes/common/mongo/templates/statefulset.yaml3
-rw-r--r--kubernetes/common/mongo/values.yaml24
-rw-r--r--kubernetes/contrib/components/awx/charts/awx/templates/job.yaml4
-rw-r--r--kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml4
-rwxr-xr-xkubernetes/contrib/components/awx/values.yaml1
-rw-r--r--kubernetes/contrib/components/ejbca/values.yaml1
-rw-r--r--kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml2
-rwxr-xr-xkubernetes/contrib/components/netbox/values.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json6
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml10
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml9
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml7
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml16
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml12
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml12
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml32
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml25
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml8
-rwxr-xr-xkubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml17
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml10
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml17
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml8
-rw-r--r--kubernetes/dcaegen2/templates/secrets.yaml17
-rw-r--r--kubernetes/dcaegen2/values.yaml26
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml4
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml2
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml23
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml21
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml8
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml34
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml3
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml8
-rw-r--r--kubernetes/modeling/charts/modeling-etsicatalog/values.yaml54
-rw-r--r--kubernetes/nbi/templates/deployment.yaml2
-rw-r--r--kubernetes/nbi/values.yaml2
-rw-r--r--kubernetes/onap/templates/clusterrolebinding.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml20
-rw-r--r--kubernetes/oof/Makefile6
-rwxr-xr-xkubernetes/oof/components/Makefile5
-rw-r--r--kubernetes/oof/components/oof-cmso/Makefile5
-rwxr-xr-xkubernetes/oof/components/oof-cmso/components/Makefile5
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml4
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml6
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml2
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml2
-rw-r--r--kubernetes/oof/components/oof-has/Makefile5
-rwxr-xr-xkubernetes/oof/components/oof-has/components/Makefile5
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml2
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf4
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/log.conf3
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml2
-rw-r--r--kubernetes/oof/resources/config/common_config.yaml38
-rw-r--r--kubernetes/oof/resources/config/log.yml101
-rwxr-xr-xkubernetes/oof/resources/config/osdf_config.yaml15
-rw-r--r--kubernetes/oof/templates/deployment.yaml6
-rw-r--r--kubernetes/oof/values.yaml13
-rw-r--r--kubernetes/platform/Makefile5
-rw-r--r--kubernetes/platform/components/Makefile5
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile148
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jksbin4066 -> 0 bytes
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jksbin4109 -> 0 bytes
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12bin4683 -> 0 bytes
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/root.crt33
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/truststore.jksbin1730 -> 0 bytes
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/deployment.yaml4
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/secret.yaml4
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/service.yaml4
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/resources/config/config.json7
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-pap/resources/config/config.json2
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/deployment.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties2
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml2
-rw-r--r--kubernetes/portal/Makefile5
-rw-r--r--kubernetes/portal/components/Makefile5
-rw-r--r--kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties2
-rw-r--r--kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml11
-rw-r--r--kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties6
-rwxr-xr-xkubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties6
-rw-r--r--kubernetes/portal/components/portal-app/templates/deployment.yaml46
-rw-r--r--kubernetes/portal/components/portal-app/values.yaml36
-rw-r--r--kubernetes/portal/components/portal-cassandra/templates/deployment.yaml4
-rw-r--r--kubernetes/portal/components/portal-cassandra/templates/secrets.yaml17
-rw-r--r--kubernetes/portal/components/portal-cassandra/values.yaml11
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh446
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql5
-rw-r--r--kubernetes/portal/components/portal-mariadb/templates/deployment.yaml12
-rw-r--r--kubernetes/portal/components/portal-mariadb/templates/job.yaml4
-rw-r--r--kubernetes/portal/components/portal-mariadb/templates/secrets.yaml3
-rw-r--r--kubernetes/portal/components/portal-mariadb/values.yaml7
-rw-r--r--kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties40
-rw-r--r--kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml11
-rw-r--r--kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties6
-rwxr-xr-xkubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties6
-rw-r--r--kubernetes/portal/components/portal-sdk/templates/deployment.yaml42
-rw-r--r--kubernetes/portal/components/portal-sdk/values.yaml37
-rw-r--r--kubernetes/portal/components/portal-widget/values.yaml2
-rw-r--r--kubernetes/portal/templates/secrets.yaml17
-rw-r--r--kubernetes/portal/values.yaml45
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdc/Makefile7
-rw-r--r--kubernetes/sdc/components/Makefile5
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/deployment.yaml28
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/job.yaml18
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml12
-rw-r--r--kubernetes/sdc/components/sdc-cs/templates/job.yaml16
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml24
-rw-r--r--kubernetes/sdc/components/sdc-fe/templates/deployment.yaml26
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml14
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml24
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml16
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml16
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml8
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml70
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/values.yaml41
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml28
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/values.yaml39
-rw-r--r--kubernetes/sdnc/Makefile5
-rw-r--r--kubernetes/sdnc/components/Makefile5
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-web/values.yaml2
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml2
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/startODL.sh1
-rw-r--r--kubernetes/sdnc/resources/config/conf/setenv10
-rwxr-xr-xkubernetes/sdnc/templates/sdnrdb-init-job.yaml2
-rw-r--r--kubernetes/sdnc/templates/service.yaml6
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml58
-rw-r--r--kubernetes/sdnc/values.yaml53
-rw-r--r--kubernetes/sniro-emulator/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml2
-rw-r--r--kubernetes/uui/charts/uui-server/values.yaml2
-rw-r--r--kubernetes/uui/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml3
-rw-r--r--kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml3
-rw-r--r--kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/charts/vfc-nslcm/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml5
-rw-r--r--kubernetes/vfc/charts/vfc-redis/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml3
-rw-r--r--kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/charts/vfc-vnflcm/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml3
-rw-r--r--kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/charts/vfc-vnfmgr/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml3
-rw-r--r--kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/charts/vfc-vnfres/values.yaml2
-rw-r--r--kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml3
-rw-r--r--kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml2
-rw-r--r--kubernetes/vid/values.yaml2
-rw-r--r--kubernetes/vnfsdk/resources/config/configuration.xml2
-rw-r--r--kubernetes/vnfsdk/templates/deployment.yaml2
-rw-r--r--kubernetes/vnfsdk/values.yaml2
225 files changed, 2100 insertions, 681 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index b25381fd81..dfad45ff24 100644
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -19,6 +19,7 @@ ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
OUTPUT_DIR := $(ROOT_DIR)/dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_VER := $(shell helm version --template "{{.Version}}")
ifneq ($(SKIP_LINT),TRUE)
HELM_LINT_CMD := helm lint
@@ -65,7 +66,12 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 827a51de93..ac26f9b575 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -30,7 +30,7 @@ secrets:
passwordPolicy: required
repository: nexus3.onap.org:10001
-image: onap/ccsdk-oran-a1policymanagementservice:1.0.0
+image: onap/ccsdk-oran-a1policymanagementservice:1.1.0
pullPolicy: IfNotPresent
replicaCount: 1
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
index bf1179d49a..84d69ed127 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
- serviceName:
+ serviceName: {{ include "common.servicename" . }}
template:
metadata:
labels:
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
index 45bf399437..b50fe7789c 100644
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
- serviceName:
+ serviceName: {{ include "common.servicename" . }}
template:
metadata:
labels:
diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
index b3745e1e52..3650990b99 100644
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -25,7 +25,6 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml
index dccf57ca96..148d10da13 100644
--- a/kubernetes/aaf/components/aaf-sms/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/values.yaml
@@ -104,6 +104,11 @@ service:
internalPort: 10443
externalPort: 10443
+#define value for aaf-sms-quorumclient subchart
+aaf-sms-quorumclient:
+ service:
+ name: aaf-sms
+
persistence:
enabled: true
volumeReclaimPolicy: Retain
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml
index 53ea99524b..2715120ba9 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml
@@ -17,7 +17,7 @@
{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
index 23fe79d716..90d18997ac 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
@@ -48,17 +48,16 @@ spec:
- name: {{ include "common.fullname" . }}-tpmconfig
mountPath: "/abrmd/cred/"
readOnly: true
- resources: {{ toYaml .Values.resources | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end -}}
{{- if .Values.global.tpm.enabled }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
+ {{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
index c6041d124d..c40c6b075a 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
@@ -20,7 +20,6 @@ apiVersion: batch/v1
kind: Job
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.replicaCount }}
serviceName:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
index 1643c15c5d..021276b06d 100644
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
@@ -20,7 +20,6 @@ apiVersion: batch/v1
kind: Job
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject 944970742185cccb73110875d1b4ad9f7305337
+Subproject 628ecd0d519acc6b4717d05aa12fd4f7b7dfc55
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index f1b00c09f4..b23a1b05c2 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -61,7 +61,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.5
+image: onap/ccsdk-blueprintsprocessor:1.0.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -167,21 +167,21 @@ logback:
hibernate: INFO
onapCcsdkCds: INFO
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml
index 5fcfbc4787..fff3fc7298 100755
--- a/kubernetes/cds/charts/cds-command-executor/values.yaml
+++ b/kubernetes/cds/charts/cds-command-executor/values.yaml
@@ -39,7 +39,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.5
+image: onap/ccsdk-commandexecutor:1.0.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml
index 6a29b1c80c..6a7f30fdce 100755
--- a/kubernetes/cds/charts/cds-py-executor/values.yaml
+++ b/kubernetes/cds/charts/cds-py-executor/values.yaml
@@ -37,7 +37,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-py-executor:0.7.5
+image: onap/ccsdk-py-executor:1.0.0
pullPolicy: Always
# default number of instances
diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
index 50462bbed7..102ea0f36c 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
@@ -36,7 +36,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.5
+image: onap/ccsdk-sdclistener:1.0.0
name: sdc-listener
pullPolicy: Always
@@ -88,21 +88,21 @@ logback:
hibernate: INFO
onapCcsdkCds: INFO
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
-# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml
index da8bf8c871..9fad2aa667 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/charts/cds-ui/values.yaml
@@ -26,7 +26,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.5
+image: onap/ccsdk-cds-ui-server:1.0.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile
index 8af301d7ae..248fb056ab 100644
--- a/kubernetes/clamp/Makefile
+++ b/kubernetes/clamp/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
index b2cee395b9..5bea37aaa3 100644
--- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
@@ -43,7 +43,7 @@ server.ssl.trust-store-password=${cadi_truststore_password}
spring.datasource.username=${MYSQL_USER}
spring.datasource.password=${MYSQL_PASSWORD}
spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
-spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
#The log folder that will be used in logback.xml file
clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
@@ -66,4 +66,4 @@ clamp.config.dcae.deployment.userName=none
clamp.config.dcae.deployment.password=none
#AAF related parameters
-clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 \ No newline at end of file
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml
index a6d5ca0b4c..97eebeb187 100644
--- a/kubernetes/clamp/components/clamp-backend/values.yaml
+++ b/kubernetes/clamp/components/clamp-backend/values.yaml
@@ -66,7 +66,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.1.0
+image: onap/clamp-backend:5.1.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
index caff1e5dc4..317d5b5d79 100644
--- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
index 1eb20fce89..9e04d5ae01 100644
--- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
@@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}}
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
index 0ec38b08e3..0e37df7ddc 100644
--- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
@@ -59,10 +59,22 @@ spec:
mountPath: /usr/share/elasticsearch/logs/
- name: {{ include "common.fullname" . }}-data
mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+ /usr/local/bin/docker-entrypoint.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ include "common.servicename" . }}
@@ -85,7 +97,7 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
env:
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -104,7 +116,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml
index 27158a6668..04580a0354 100644
--- a/kubernetes/clamp/components/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml
@@ -20,6 +20,44 @@ global:
nodePortPrefix: 302
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-es-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
@@ -32,7 +70,7 @@ busyboxImage: library/busybox:latest
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
+image: onap/clamp-dashboard-elasticsearch:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
index caff1e5dc4..317d5b5d79 100644
--- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
index db81e3da00..acfb4cc081 100644
--- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
@@ -18,9 +18,13 @@ server.host: "0"
server.port: {{.Values.service.externalPort}}
server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.hosts: ${elasticsearch_base_url}
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
index 0e5f65cabb..d9a3035123 100644
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
@@ -49,6 +49,7 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -73,7 +74,7 @@ spec:
env:
- name: elasticsearch_base_url
value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -90,7 +91,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
index 0cd8cfbd36..e5d7174e85 100644
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/* # Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
index 11f29570bd..37dae0ffb1 100644
--- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
@@ -21,6 +21,44 @@ global:
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-kibana-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
@@ -33,7 +71,7 @@ busyboxImage: library/busybox:latest
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
+image: onap/clamp-dashboard-kibana:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
index caff1e5dc4..317d5b5d79 100644
--- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
index c005fcca3e..87c8f06e42 100644
--- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
@@ -46,7 +46,11 @@ input {
request_timeout => 30
schedule => { "every" => "1m" }
codec => "plain"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/certs.d/aafca.pem"
+{{- end }}
}
}
@@ -217,8 +221,13 @@ output {
if "error" in [tags] {
elasticsearch {
+ ilm_enabled => false
codec => "json"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => ["${logstash_user}"]
@@ -229,9 +238,14 @@ output {
} else if "event-cl-aggs" in [tags] {
elasticsearch {
+ ilm_enabled => false
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
@@ -243,9 +257,14 @@ output {
} else {
elasticsearch {
+ ilm_enabled => false
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
index acd108d2cf..887f722179 100644
--- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
@@ -49,6 +49,7 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -91,7 +92,7 @@ spec:
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -111,7 +112,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
index c2a522b1c8..2b3c9f1712 100644
--- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
@@ -21,6 +21,44 @@ global:
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessImage: onap/oom/readiness:3.0.1
persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-logstash-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
flavor: small
#################################################################
@@ -29,7 +67,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
+image: onap/clamp-dashboard-logstash:5.0.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index d180fbf729..7a7609955e 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -93,7 +93,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.1.0
+image: onap/clamp-frontend:5.1.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index eb782b4fd8..0e923b7a75 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -22,7 +22,7 @@ COMMON_CHARTS_DIR := common
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER != helm version --template "{{.Version}}"
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 1a188355d0..f6feee6e06 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,8 @@
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
@@ -27,3 +28,6 @@ global:
requestTimeout: "30000"
keystorePassword: "secret"
truststorePassword: "secret"
+ certPostProcessor:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index cf88fe5c3f..6d1412ee39 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -83,7 +83,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:0.7.4
+image: onap/ccsdk-dgbuilder-image:1.0.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
index 5624bee78b..a9e3d78ac1 100644
--- a/kubernetes/common/elasticsearch/components/data/values.yaml
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -46,7 +46,7 @@ service:
- name: http-transport
port: 9300
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
index 22c4987a98..23302335ea 100644
--- a/kubernetes/common/elasticsearch/components/master/values.yaml
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -43,7 +43,7 @@ replicaCount: 3
## master acts as master only node, choose 'no' if no further data nodes are deployed)
dedicatednode: "yes"
## dedicatednode: "no"
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index e6e532d168..31edcabfa1 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -40,7 +40,7 @@ sysctlImage:
enabled: true
# application image
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index abc71b3133..df922ed004 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -71,8 +71,7 @@ spec:
volumeMounts:
- name: {{ include "common.fullname" . }}-data
mountPath: /var/lib/mongo
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index d8988c3ae7..b21b0bf758 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -90,7 +90,6 @@ securityContext:
ingress:
enabled: false
-resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -101,13 +100,22 @@ resources: {}
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
sdnctlPrefix: mongo
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
index 4d80c9e448..74c02bcd5f 100644
--- a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
@@ -37,7 +37,7 @@ spec:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
@@ -122,4 +122,4 @@ spec:
name: {{ include "common.fullname" . }}-rabbitmq
name: rabbitmq-config
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
index cfc517660a..6023bb4fdb 100644
--- a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml
@@ -44,7 +44,7 @@ spec:
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
@@ -210,4 +210,4 @@ spec:
name: {{ include "common.fullname" . }}-rabbitmq
name: rabbitmq-config
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index bf862b6b63..1ed35c2c23 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -16,6 +16,7 @@
# Global configuration defaults.
#################################################################
global:
+ readinessRepository: nexus3.onap.org:10001
nodePortPrefixExt: 304
commonConfigPrefix: awx
readinessImage: onap/oom/readiness:3.0.1
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 060dcd98a7..1a9a34bcd1 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -37,6 +37,7 @@ secrets:
password: '{{ .Values.config.ejbca.clientIak }}'
# application configuration
+repository: nexus3.onap.org:10001
config:
db:
userName: ejbca
diff --git a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml
index 2c4e668699..a1b8cf1aae 100644
--- a/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml
+++ b/kubernetes/contrib/components/netbox/charts/netbox-app/templates/job.yaml
@@ -33,7 +33,7 @@ spec:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
diff --git a/kubernetes/contrib/components/netbox/values.yaml b/kubernetes/contrib/components/netbox/values.yaml
index 0749d2d948..5dc4535ca3 100755
--- a/kubernetes/contrib/components/netbox/values.yaml
+++ b/kubernetes/contrib/components/netbox/values.yaml
@@ -16,6 +16,7 @@
# Global configuration defaults.
#################################################################
global:
+ readinessRepository: nexus3.onap.org:10001
nodePortPrefixExt: 304
commonConfigPrefix: netbox
readinessImage: onap/oom/readiness:3.0.1
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
index 3979dd2407..d0413192c8 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -49,8 +49,12 @@
"state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
"organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
"location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+ "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
"keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
"truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+ },
+ "truststore_merger":
+ {
+ "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
}
}
-
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
index a0cbbbdba2..f571affec0 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
@@ -1,6 +1,7 @@
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,4 +20,9 @@
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
{{ end }}
use_tls: true
-security_ssl_disable: false \ No newline at end of file
+security_ssl_disable: false
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-hv-ves-collector"
+external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
index 5074cb8a7f..02e4dd68fd 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
@@ -19,4 +19,4 @@
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
{{ end }}
tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
-tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
index 5a2a595ca6..4ff23b7b2d 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -30,4 +30,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-ves-collector"
+external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
index dda75dd874..0cbe71a224 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
@@ -31,3 +31,7 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/" \ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index afacc26733..4d10bcc0c9 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -128,10 +128,7 @@ spec:
- name: CMADDR
value: {{ .Values.config.address.cm.host }}
- name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}}
- name: CMPROTO
value: {{ .Values.config.address.cm.proto }}
- name: CMPORT
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
index 44395e48e8..6489659d86 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,18 +16,4 @@
# limitations under the License.
# ============LICENSE_END=========================================================
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.name" . }}-cmpass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- password: YWRtaW4=
----
{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 367014d551..f35a6863d4 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -36,6 +36,10 @@ secrets:
externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
config:
logstashServiceName: log-ls
@@ -104,7 +108,7 @@ mongo:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -113,10 +117,10 @@ componentImages:
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.6
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 539d202c0f..428c7816cd 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -1,7 +1,8 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -68,7 +69,6 @@ spec:
- {{ include "common.namespace" . }}
- --configmap
- {{ .Values.multisiteConfigMapName }}
- restartPolicy: Never
- name: init-tls
env:
- name: POD_IP
@@ -116,6 +116,7 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
@@ -123,6 +124,7 @@ spec:
- /scripts/readiness-check.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- mountPath: /opt/onap/config.txt
subPath: config.txt
@@ -144,6 +146,9 @@ spec:
name: cm-persistent
- mountPath: /opt/onap/certs
name: tls-info
+ - mountPath: /opt/onap/cm-secrets
+ name: cm-secrets
+ readOnly: true
securityContext:
privileged: True
volumes:
@@ -171,5 +176,8 @@ spec:
{{- end }}
- emptyDir: {}
name: tls-info
+ - name: cm-secrets
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
index 57cbe89cc1..960ec786b2 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
@@ -1,3 +1,4 @@
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,7 +16,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-
+*/}}
{{ if .Values.dcae_ns}}
# Create the namespace
apiVersion: v1
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
index dee9200eff..876b971db1 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
@@ -41,3 +41,5 @@ metadata:
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index a727b1a41b..bb2987881c 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -1,7 +1,8 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -31,7 +32,15 @@ global:
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
@@ -45,7 +54,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
@@ -61,6 +70,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
# liveness not desirable for Cloudify Manager container
@@ -68,7 +78,13 @@ liveness:
readiness:
initialDelaySeconds: 60
- periodSeconds: 10
+ # In some environments we see CM coming up
+ # properly but readiness probe timing out.
+ # Increasing the timeout and adjusting the
+ # period so it's longer than the timeout.
+ # (DCAEGEN2-2465)
+ periodSeconds: 30
+ timeoutSeconds: 10
service:
type: ClusterIP
@@ -79,21 +95,23 @@ service:
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+# Due to memory issues in ONAP integration environment,
+# we've increased the memory amounts for both flavors.
resources:
small:
limits:
cpu: 2
- memory: 2Gi
+ memory: 4Gi
requests:
cpu: 1
- memory: 1Gi
+ memory: 2Gi
large:
limits:
cpu: 4
- memory: 4Gi
+ memory: 8Gi
requests:
cpu: 2
- memory: 2Gi
+ memory: 4Gi
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
index 299e3ef878..e0e45c457a 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -89,7 +89,7 @@ spec:
port: {{ .Values.service.secure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTPS"
@@ -139,7 +139,7 @@ spec:
port: {{ .Values.service.insecure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTP"
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 0d3082819f..a7be74a7ad 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -44,7 +44,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
pullPolicy: Always
# probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index e46901bc94..404927cda8 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -105,7 +105,7 @@ spec:
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- - mountPath: /usr/local/share/ca-certificates/
+ - mountPath: /opt/app/osaaf/
name: tls-info
- mountPath: /opt/logs/dcae/dashboard
name: component-log
@@ -119,7 +119,7 @@ spec:
- name: postgres_port
value: "{{ .Values.postgres.config.pgPort }}"
- name: cloudify_password
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: dhandler_url
value: {{ .Values.config.dhandler_url }}
- name: cfy_url
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
index b143034d8f..34932b713d 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
@@ -1,16 +1,17 @@
{{/*
# Copyright © 2020 Samsung Electronics
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
+
{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 884a753ff8..a86a1eed49 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -34,8 +34,14 @@ secrets:
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
dhandler_url: https://deployment-handler:8443
@@ -52,7 +58,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0
pullPolicy: Always
# probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
index 1a28bc45c0..88ec5cbe66 100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -124,7 +124,7 @@ spec:
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: NODE_EXTRA_CA_CERTS
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index fd705499d0..7e340db628 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -31,7 +31,15 @@ global:
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
@@ -45,7 +53,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1
pullPolicy: Always
# probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index ee2c03e237..3fec537716 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -53,7 +53,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1
pullPolicy: Always
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
index a29e334a25..61084fa26c 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -117,7 +117,7 @@ spec:
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: POD_IP
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 2d0930846f..4a587d82eb 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -31,7 +31,15 @@ global:
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
diff --git a/kubernetes/dcaegen2/templates/secrets.yaml b/kubernetes/dcaegen2/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/dcaegen2/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index 939bd115a4..1918a8fea7 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,22 +26,47 @@ global:
busyboxRepository: docker.io
busyboxImage: library/busybox:1.30
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+
+config: {}
+
+# To work around DCAEGEN2-2450, set password strength to "basic"
+# to ensure password contains only alphanumerics
+passwordStrengthOverride: basic
+
# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-cloudify-manager:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-config-binding-service:
enabled: true
dcae-dashboard:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-deployment-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-healthcheck:
enabled: true
dcae-inventory-api:
enabled: true
dcae-policy-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-servicechange-handler:
enabled: true
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
index f373888ab8..c717ca3309 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
@@ -35,7 +35,7 @@ config:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0
service:
type: ClusterIP
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
index a83770ea45..161b3621a0 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -92,7 +92,7 @@ postgres:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index e2251e00fb..2d136c8324 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -34,7 +34,7 @@ config:
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: plugin:k8splugin?version=3.3.0
+ importK8S: plugin:k8splugin?version=3.4.2
importPostgres: plugin:pgaas?version=1.3.0
importClamp: plugin:clamppolicyplugin?version=1.1.0
importDMaaP: plugin:dmaap?version=1.5.0
@@ -71,7 +71,7 @@ readiness:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.1
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 2b4b722bfb..1e08954b66 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -24,7 +24,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.6
+image: onap/dmaap/datarouter-node:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index c4ca4edc8b..d33cb297db 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -15,7 +15,7 @@
apiVersion: v1
kind: Service
metadata:
- name: {{ .Values.global.dmaapDrProvName }}
+ name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 1cf2e583d1..3d4febcde1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -35,7 +35,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.6
+image: onap/dmaap/datarouter-prov:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index fd4a67acfb..8a4caf6747 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -40,29 +40,12 @@ spec:
prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
{{- end }}
spec:
- podAntiAffinity:
- {{if eq .Values.podAntiAffinityType "hard" -}}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- else -}}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- end}}
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: "app"
- operator: In
- values:
- - {{ include "common.name" . }}
- - key: "release"
- operator: In
- values:
- - {{ include "common.release" . }}
- topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
{{ toYaml .Values.nodeAffinity | indent 10 }}
{{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-initcontainer
image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
@@ -286,5 +269,3 @@ spec:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
index 7c6334c76d..ad9e5319f4 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -45,25 +45,12 @@ spec:
prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
{{- end }}
spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: "app"
- operator: In
- values:
- - {{ include "common.name" . }}
- - key: "release"
- operator: In
- values:
- - {{ include "common.release" . }}
- topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
{{ toYaml .Values.nodeAffinity | indent 10 }}
{{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-permission-fixer
command:
@@ -148,7 +135,7 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
env:
- name : KAFKA_HEAP_OPTS
value: "{{ .Values.zkConfig.heapOptions }}"
@@ -234,5 +221,3 @@ spec:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml
index 7fdc969094..7d89fefe8d 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml
@@ -19,3 +19,11 @@ dependencies:
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
index 91fa4830e2..52d675a39e 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
@@ -39,8 +39,8 @@ spec:
- command:
- /app/ready.py
args:
- - --container-name
- - modeling-mariadb
+ - -j
+ - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job"
env:
- name: NAMESPACE
valueFrom:
@@ -49,7 +49,8 @@ spec:
fieldPath: metadata.namespace
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-job-readiness
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
- command:
- /bin/sh
- -c
@@ -62,11 +63,6 @@ spec:
mountPath: /service/modeling/etsicatalog/static
containers:
- name: {{ include "common.name" . }}
- command:
- - bash
- args:
- - -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -86,16 +82,20 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbProtocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+ value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
+ - name: MSB_ENABLED
+ value: "{{ .Values.config.msb_enabled }}"
+ - name: DB_IP
+ value: "{{ include "common.mariadbService" . }}"
+ - name: DB_PORT
+ value: "{{ include "common.mariadbPort" . }}"
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }}
+ - name: DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }}
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
index b0cc27bd8d..8bfebf1679 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Samsung Electronics
+{{/*# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
index 61aefa570c..4dbace3c0c 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
@@ -30,7 +30,7 @@ metadata:
"url": "/api/parser/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
{
@@ -39,7 +39,7 @@ metadata:
"url": "/api/catalog/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
{
@@ -48,7 +48,7 @@ metadata:
"url": "/api/nsd/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
{
@@ -57,7 +57,7 @@ metadata:
"url": "/api/vnfpkgm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
}
]'
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
index d4719dad5f..9bc8aa0433 100644
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
@@ -21,29 +21,43 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- config:
- ssl_enabled: false
- msbProtocol: https
- msbServiceName: msb-iag
- msbPort: 443
-
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera:
+ #This flag allows Modeling to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+readinessCheck:
+ wait_for:
+ msb:
+ name: msb
+ containers:
+ - msb-iag
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
+ - uid: modeling-db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
#################################################################
# Dependencies configuration
#################################################################
mariadb-galera:
- nameOverride: modeling-mariadb
+ config: &mariadbConfig
+ userCredentialsExternalSecret: *dbSecretName
+ mysqlDatabase: etsicatalog
+ nameOverride: modeling-db
service:
name: modeling-db
portName: modeling-db
@@ -54,14 +68,32 @@ mariadb-galera:
enabled: true
disableNfsProvisioner: true
+mariadb-init:
+ config: *mariadbConfig
+ # nameOverride should be the same with common.name
+ nameOverride: modeling-etsicatalog
+
#################################################################
# Application configuration defaults.
#################################################################
+config:
+ #application configuration about msb
+ ssl_enabled: false
+ msbProtocol: https
+ msbServiceName: msb-iag
+ msbPort: 443
+ msb_enabled: true
+ #application configuration user password about mariadb
+ db:
+ userName: etsicatalog
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
+
# application image
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.6
+image: onap/modeling/etsicatalog:1.0.7
initImage: busybox:latest
pullPolicy: Always
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 631cb7cba8..febb8a9624 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -51,7 +51,7 @@ spec:
# so K8s doesn't restart unresponsive container
{{- if .Values.global.aafEnabled }}
command:
- - bash
+ - sh
args:
- -c
- |
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 1fc1600374..0f3fd1a352 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -71,7 +71,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:7.0.0
+image: onap/externalapi/nbi:7.0.2
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
diff --git a/kubernetes/onap/templates/clusterrolebinding.yaml b/kubernetes/onap/templates/clusterrolebinding.yaml
index 2367143b11..c2f48d9ba8 100644
--- a/kubernetes/onap/templates/clusterrolebinding.yaml
+++ b/kubernetes/onap/templates/clusterrolebinding.yaml
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "common.namespace" . }}-binding
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index e699581727..3413c3840e 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -106,8 +106,8 @@ global:
ingress:
enabled: false
virtualhost:
- enabled: true
- baseurl: "simpledemo.onap.org"
+ enabled: true
+ baseurl: "simpledemo.onap.org"
# Global Service Mesh configuration
# POC Mode, don't use it in production
@@ -125,7 +125,7 @@ global:
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
@@ -141,6 +141,7 @@ global:
requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
keystorePassword: "secret"
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
@@ -156,13 +157,12 @@ global:
# default
centralizedLoggingEnabled: &centralizedLogging false
-
-# Example of specific for the components where you want to disable TLS only for
-# it:
-# if set this element will force or not tls even if global.serviceMesh.tls and
-# global.tlsEnabled is set otherwise.
-# robot:
-# tlsOverride: false
+ # Example of specific for the components where you want to disable TLS only for
+ # it:
+ # if set this element will force or not tls even if global.serviceMesh.tls and
+ # global.tlsEnabled is set otherwise.
+ # robot:
+ # tlsOverride: false
# Global storage configuration
# Set to "-" for default, or with the name of the storage class
diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile
index 8af301d7ae..4628206e87 100644
--- a/kubernetes/oof/Makefile
+++ b/kubernetes/oof/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,12 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile
index 2fc0cbe4ab..02371366f6 100755
--- a/kubernetes/oof/components/Makefile
+++ b/kubernetes/oof/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile
index 52df18adad..48cebe96e7 100644
--- a/kubernetes/oof/components/oof-cmso/Makefile
+++ b/kubernetes/oof/components/oof-cmso/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile
index 35be2140e1..f7a698d0ec 100755
--- a/kubernetes/oof/components/oof-cmso/components/Makefile
+++ b/kubernetes/oof/components/oof-cmso/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
index e7be354153..6b04cdb0d9 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
@@ -25,12 +25,12 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.2.0
+image: onap/optf-cmso-optimizer:2.3.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.2.0
+ image: onap/optf-cmso-dbinit:2.3.0
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
index 2906fb77c2..4f4503be62 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
@@ -25,13 +25,13 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.2.0
-robotimage: onap/optf-cmso-robot:2.2.0
+image: onap/optf-cmso-service:2.3.0
+robotimage: onap/optf-cmso-robot:2.3.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.2.0
+ image: onap/optf-cmso-dbinit:2.3.0
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
index 4920113b41..1c1ae7ab43 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
@@ -24,7 +24,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.2.0
+image: onap/optf-cmso-ticketmgt:2.3.0
pullPolicy: Always
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
index a8911aa910..9d5cec1014 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
@@ -24,7 +24,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.2.0
+image: onap/optf-cmso-topology:2.3.0
pullPolicy: Always
diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile
index 52df18adad..48cebe96e7 100644
--- a/kubernetes/oof/components/oof-has/Makefile
+++ b/kubernetes/oof/components/oof-has/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile
index 35be2140e1..f7a698d0ec 100755
--- a/kubernetes/oof/components/oof-has/components/Makefile
+++ b/kubernetes/oof/components/oof-has/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index c61be424fe..1538b47343 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -93,7 +93,7 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+ args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
ports:
- containerPort: {{ .Values.uwsgi.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
index 0cd8cfbd36..2afc5dad2a 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/*# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 81c14afead..f19ecb61ee 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
service:
type: NodePort
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 83c3c43b40..5fa0f2408e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -16,7 +16,7 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 83c3c43b40..5fa0f2408e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -16,7 +16,7 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 83c3c43b40..5fa0f2408e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -16,7 +16,7 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index 83c3c43b40..5fa0f2408e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -16,7 +16,7 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 881ed22562..4c7228a301 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -327,6 +327,8 @@ concurrent = true
# Minimum value: 1
#max_translation_counter = 1
+# (string value)
+opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json
[data]
@@ -361,7 +363,7 @@ concurrent = true
#
# Extensions list to use (list value)
-#extensions = aai
+extensions = aai,generator
[messaging_server]
diff --git a/kubernetes/oof/components/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf
index c476d0b6c8..374d02abcd 100755
--- a/kubernetes/oof/components/oof-has/resources/config/log.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/log.conf
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
[handler_consoleHandler]
class=StreamHandler
-level=NOTSET
+level=INFO
formatter=generic
args=(sys.stdout,)
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 66780735db..c7799cdc02 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -23,7 +23,7 @@ global:
repository: nexus3.onap.org:10001
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.0.4
+ optf_has: onap/optf-has:2.1.1
filebeat: docker.elastic.co/beats/filebeat:5.5.0
persistence:
enabled: true
diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml
index a91c1d1d23..7e8fe5dc72 100644
--- a/kubernetes/oof/resources/config/common_config.yaml
+++ b/kubernetes/oof/resources/config/common_config.yaml
@@ -40,12 +40,11 @@ osdf_temp: # special configuration required for "workarounds" or testing
- vnfPolicy_vPGN_TD.json
- affinity_vFW_TD.json
- QueryPolicy_vFW_TD.json
-
- slice_selection_policy_dir_urllc_1: "./test/policy-local-files/"
- slice_selection_policy_files_urllc_1:
- - vnfPolicy_URLLC_Core_1.json
- - thresholdPolicy_URLLC_Core_1.json
- - subscriber_policy_URLLC_1.json
+ slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/"
+ slice_selection_policy_files_embb-nst:
+ - query_policy_nsi.json
+ - threshold_policy_nsi.json
+ - vnf_policy_nsi_shared_case.json
service_info:
vCPE:
@@ -65,6 +64,12 @@ references:
subscriber_role:
source: onap.policies.optimization.SubscriberPolicy
value: properties.properties.subscriberRole
+ resource_sharing_level:
+ source: request
+ value: serviceProfile.resourceSharingLevel
+ reuse_preference:
+ source: request
+ value: preferReuse
policy_info:
prioritization_attributes:
@@ -81,10 +86,19 @@ policy_info:
policy_scope:
-
scope:
- - OSDF_FRANKFURT
+ - get_param: resource_sharing_level
+ - get_param: reuse_preference
services:
- get_param: service_name
+ subnet_selection:
+ policy_fetch: by_scope
+ policy_scope:
+ - scope:
+ - OSDF_GUILIN
+ services:
+ - get_param: service_name
+
placement:
policy_fetch: by_scope
policy_scope:
@@ -103,3 +117,13 @@ policy_info:
default: # if no explicit service related information is needed
policy_fetch: by_name
policy_scope: none
+
+PCI:
+ ML:
+ average_ho_threshold: 10000
+ latest_ho_threshold: 500
+ DES:
+ service_id: ho_metric
+ filter:
+ interval: 10
+ ml_enabled: false
diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/log.yml
new file mode 100644
index 0000000000..3966ea28c0
--- /dev/null
+++ b/kubernetes/oof/resources/config/log.yml
@@ -0,0 +1,101 @@
+version: 1
+disable_existing_loggers: True
+
+loggers:
+ error:
+ handlers: [error_handler, console_handler]
+ level: "WARN"
+ propagate: True
+ debug:
+ handlers: [debug_handler, console_handler]
+ level: "DEBUG"
+ propagate: True
+ metrics:
+ handlers: [metrics_handler, console_handler]
+ level: "INFO"
+ propagate: True
+ audit:
+ handlers: [audit_handler, console_handler]
+ level: "INFO"
+ propagate: True
+handlers:
+ debug_handler:
+ level: "DEBUG"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/debug.log"
+ formatter: "debugFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ error_handler:
+ level: "WARN"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/error.log"
+ formatter: "errorFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ metrics_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/metrics.log"
+ formatter: "metricsFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ audit_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/audit.log"
+ formatter: "auditFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "metricsFormat"
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ debugFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ errorFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+ |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ auditFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ metricsFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ mdcFormat:
+ format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml
index b544c42e7a..5c9aa2bb64 100755
--- a/kubernetes/oof/resources/config/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/osdf_config.yaml
@@ -48,5 +48,20 @@ configDbUrl: {{ .Values.config.configDbUrl }}
configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
+# AAI api
+aaiUrl: {{ .Values.config.aaiUrl }}
+aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
+aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
+aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
+controllerQueryUrl: {{ .Values.config.controllerQueryUrl }}
+aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
+
+#DES api
+desUrl: {{ .Values.config.desUrl }}
+desApiPath: {{ .Values.config.desApiPath }}
+desHeaders:
+ Accept: application/json
+ Content-Type: application/json
+
#key
appkey: ''
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 70eadd9d6c..76d1a62604 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -103,6 +104,9 @@ spec:
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
+ - mountPath: /opt/osdf/config/log.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: log.yml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -129,5 +133,7 @@ spec:
path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
+ - key: log.yml
+ path: log.yml
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 97b5767a1f..0dc035494b 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -26,7 +26,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:2.0.4
+image: onap/optf-osdf:3.0.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -78,6 +78,17 @@ config:
configDbUrl: http://config.db.url:8080
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
+ #aai api
+ aaiUrl: https://aai:8443
+ aaiGetLinksUrl: /aai/v16/network/logical-links
+ aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
+ aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
+ controllerQueryUrl: /aai/v19/query?format=resource
+ aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
+ #des api
+ desUrl: https://des.url:9000
+ desApiPath: /datalake/v1/exposure/
+
# default number of instances
replicaCount: 1
nodeSelector: {}
diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile
index 7a55c2ed59..d3fa8b70d1 100644
--- a/kubernetes/platform/Makefile
+++ b/kubernetes/platform/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile
index 27e17db9ff..cf69fa68be 100644
--- a/kubernetes/platform/components/Makefile
+++ b/kubernetes/platform/components/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -40,7 +41,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
new file mode 100644
index 0000000000..c4723dfdd1
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -0,0 +1,148 @@
+CERTS_DIR = resources
+CURRENT_DIR := ${CURDIR}
+DOCKER_CONTAINER = generate-certs
+DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
+
+all: start_docker \
+ clear_all \
+ root_generate_keys \
+ root_create_certificate \
+ root_self_sign_certificate \
+ client_generate_keys \
+ client_generate_csr \
+ client_sign_certificate_by_root \
+ client_import_root_certificate \
+ client_convert_certificate_to_jks \
+ server_generate_keys \
+ server_generate_csr \
+ server_sign_certificate_by_root \
+ server_import_root_certificate \
+ server_convert_certificate_to_jks \
+ server_convert_certificate_to_p12 \
+ clear_unused_files \
+ stop_docker
+
+.PHONY: all
+
+# Starts docker container for generating certificates - deletes first, if already running
+start_docker:
+ @make stop_docker
+ docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+
+# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
+stop_docker:
+ docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
+
+#Clear all files related to certificates
+clear_all:
+ @make clear_existing_certificates
+ @make clear_unused_files
+
+#Clear certificates
+clear_existing_certificates:
+ @echo "Clear certificates"
+ ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "#####done#####"
+
+#Generate root private and public keys
+root_generate_keys:
+ @echo "Generate root private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "#####done#####"
+
+#Export public key as certificate
+root_create_certificate:
+ @echo "(Export public key as certificate)"
+ ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+root_self_sign_certificate:
+ @echo "(Self-signed root (import root certificate into truststore))"
+ ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "#####done#####"
+
+#Generate certService's client private and public keys
+client_generate_keys:
+ @echo "Generate certService's client private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "####done####"
+
+#Generate certificate signing request for certService's client
+client_generate_csr:
+ @echo "Generate certificate signing request for certService's client"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "####done####"
+
+#Sign certService's client certificate by root CA
+client_sign_certificate_by_root:
+ @echo "Sign certService's client certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "####done####"
+
+#Import root certificate into client
+client_import_root_certificate:
+ @echo "Import root certificate into intermediate"
+ ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService's client
+client_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService's client"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "####done####"
+
+#Generate certService private and public keys
+server_generate_keys:
+ @echo "Generate certService private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "####done####"
+
+#Generate certificate signing request for certService
+server_generate_csr:
+ @echo "Generate certificate signing request for certService"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+ @echo "####done####"
+
+#Sign certService certificate by root CA
+server_sign_certificate_by_root:
+ @echo "Sign certService certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+ @echo "####done####"
+
+#Import root certificate into server
+server_import_root_certificate:
+ @echo "Import root certificate into intermediate(server)"
+ ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService
+server_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+ -storepass secret -noprompt
+ @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+server_convert_certificate_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Clear unused certificates
+clear_unused_files:
+ @echo "Clear unused certificates"
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "#####done#####"
diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks
deleted file mode 100644
index c089764466..0000000000
--- a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks
deleted file mode 100644
index e3882b1357..0000000000
--- a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12
deleted file mode 100644
index ce9261146c..0000000000
--- a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/platform/components/oom-cert-service/resources/root.crt b/kubernetes/platform/components/oom-cert-service/resources/root.crt
deleted file mode 100644
index 242e437f75..0000000000
--- a/kubernetes/platform/components/oom-cert-service/resources/root.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIEHn8h9TANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
-AxMIb25hcC5vcmcwHhcNMjAwODI3MDg1MjQ3WhcNMzAwODI1MDg1MjQ3WjB3MQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCOQ8TArFljhDu9EXKqAppV/eslelFAGG1NhDnh3PI6jK7qKKSTIcUpKPiG
-u9CagyNq4Y1dNt1LsP/KSDDkm6CGYW2z4E0Nm0ckcGc4izdoFDFhoXkrMoKvQxct
-az3YD1AiEH7kIYqDp7S3LMP8FbAXlcV62J2AEPqWtbFGszi6Pj65InNnFTGT4Oon
-E46egKcSWAhNR6vN29MO9/0wZHxwXWlcS2CKt6+2QKpfimHf48EJ0idntsKpj302
-i93jWGVNtORZbDddmVZG6XaVQkfRrJiivPQHvIXU5bWCsV7OQsrzbbsSscnqDuAr
-5DjR1Jbm2394e3DkXZTnqLGKReaaz0roA7ybLSesU1Fu0ZjD5Zq6ZezpXEQvcxcd
-wmq1A8ugeuRKhizeBO9YddjYTHWflHLBpiEyIwDCUsXfdNdS0nHQNKMDNbkC9512
-SLbG1N6iLGt85BriMLzJrlMP48feuheu3G/Mrit01yBzIgbqP30DcAIox5bgnJOY
-knxPctNaGsBup76msBzk+aBeDU5N/zirEJYxTmC3okeISzcLFlqYUUSsEzlqh8SS
-pNDK6ZbnX1khJJdUbCJGmgFS6N4RPXdxX12OCJDyjjCXcn7RXcZsYb3A+eF09+EM
-l0Vp3P+Aj6+eSN+t1Ez0sjGfSv/I8q1zV/trYZBq/LZIznfBFwIDAQABozIwMDAd
-BgNVHQ4EFgQUC0e3vObokYFDHM21OlRF4UO6L7EwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQwFAAOCAgEAWLrsWPcRJb81ozx1O8lytX4aUagjYyWIDOst1mqI
-VH+U5bHo7oReKdfFcy4Zen2bKh9DITGD7jweqTxAVx3scLq/3PE2HSG+6fNJ6wt7
-amrMZA6IdWqDWnaFMZQug3JTMH7s6v3rD7FU7awVc6lY+7TjR3qunU2m8F5GvATF
-ag+VmMSLiaBBbbmQqd1JkvCzPXlwwN3rg2u81zMys1AIbgeOlE5ZmWppOQpi7UrZ
-C8PTsRKzapgENlgxtsqVjsAMJI6OGk20bNcQKDn5fU6QwYLfnLPlkuRmFD8FeluI
-jz+ROjzxdC7E/BA80uZctvEEvn2VnD01IlEm6HoC+71erT+zmvM4AGd7EJa6mklb
-X+tGSkfzbIAR2gcn9sdNdhYA2hXXpQaeEp19bB8MAoSp5raCtbqZDQVHofJFY7gG
-FW+yKLlqBTCTm1XOPriUwbP6gkpLlkeTxeIAx8QbucoFx11J7jAeXY7oTXfSQw3h
-OR0/CHlG0BjVep6RNGA0k9cDNRyIdkxvA31rtgYCSbtepR5IhZyFhiN25Djxu/g9
-krspoxAS9ModBSiswjl4Q26eoYT4pnFXMfYbh5E4qNZNv0/S3YQ0HSTupls6M77J
-KHMx17m8EWtdsv2KyUkFqu1Q1nGky7SjpFUsVlp65Q+au3ftKxUDIRWK6jgpRH1e
-YIk=
------END CERTIFICATE-----
diff --git a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks b/kubernetes/platform/components/oom-cert-service/resources/truststore.jks
deleted file mode 100644
index 3d857e34af..0000000000
--- a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
index 666e83c5f8..a6ce2825ec 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
apiVersion: apps/v1
diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
index 33056c79fd..280922a014 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.secretFast" . }}
diff --git a/kubernetes/platform/components/oom-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml
index 60e2afa41d..5ae6b36dad 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/service.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
# Modifications Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.service" . }}
{{ end -}} \ No newline at end of file
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 4a3a289484..3ab9895037 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -47,7 +47,7 @@ service:
# Deployment configuration
repository: nexus3.onap.org:10001
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.0.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1
@@ -117,6 +117,7 @@ credentials:
#truststorePasswordExternalSecret:
# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
cmp:
+ # Used only if cmpv2 testing is enabled
clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
#clientRvExternalSecret:
raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 767d1452cc..539ef5a465 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -14,10 +14,6 @@
"description":"Pdp Heartbeat",
"supportedPolicyTypes": [
{
- "name": "onap.policies.controlloop.operational.Apex",
- "version": "1.0.0"
- },
- {
"name": "onap.policies.native.Apex",
"version": "1.0.0"
},
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index 4deb21a79b..6b27103660 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -44,7 +44,7 @@ spec:
- sh
args:
- -c
- - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: TRUSTSTORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index e149aa596a..ee40ac8359 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -52,7 +52,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.4.1
+image: onap/policy-apex-pdp:2.4.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json
index 8db1f5a99f..cebfbc1628 100755
--- a/kubernetes/policy/components/policy-api/resources/config/config.json
+++ b/kubernetes/policy/components/policy-api/resources/config/config.json
@@ -31,11 +31,11 @@
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
- "databasePassword": "${SQL_PASSWORD_BASE64}",
+ "databasePassword": "${SQL_PASSWORD}",
"persistenceUnit": "PolicyMariaDb"
},
"preloadPolicyTypes": [
- "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+ "policytypes/onap.policies.monitoring.tcagen2.yaml",
"policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
"policytypes/onap.policies.Optimization.yaml",
"policytypes/onap.policies.optimization.Resource.yaml",
@@ -53,9 +53,10 @@
"policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
"policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
"policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
"policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
- "policytypes/onap.policies.controlloop.Operational.yaml",
"policytypes/onap.policies.Naming.yaml",
+ "policytypes/onap.policies.Match.yaml",
"policytypes/onap.policies.native.Drools.yaml",
"policytypes/onap.policies.native.Xacml.yaml",
"policytypes/onap.policies.native.Apex.yaml",
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index 5774344fd3..021b49dc6d 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -38,7 +38,7 @@ spec:
- sh
args:
- -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index a94031ac95..b108fd8d8d 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -84,7 +84,7 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.3.1
+image: onap/policy-api:2.3.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 9d20941773..748c5ccc61 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -70,7 +70,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.4.1
+image: onap/policy-distribution:2.4.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 5e8c8be179..b723ec2e13 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -39,7 +39,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.1
+image: onap/policy-pdpd-cl:1.7.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json
index 72c318042f..065e5c47ea 100755
--- a/kubernetes/policy/components/policy-pap/resources/config/config.json
+++ b/kubernetes/policy/components/policy-pap/resources/config/config.json
@@ -42,7 +42,7 @@
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
"databaseUser": "${SQL_USER}",
- "databasePassword": "${SQL_PASSWORD_BASE64}",
+ "databasePassword": "${SQL_PASSWORD}",
"persistenceUnit": "PolicyMariaDb"
},
"topicParameterGroup": {
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index f07ed4a7ba..a756beed34 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -44,7 +44,7 @@ spec:
- sh
args:
- -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: SQL_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 008fefd1a9..5c3efcda9c 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -98,7 +98,7 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.1
+image: onap/policy-pap:2.3.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
index b53200be9a..a4b3309e80 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
@@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index a4d060ccfe..bdf4e6cf9b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -56,7 +56,7 @@ spec:
- sh
args:
- -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
@@ -119,8 +119,6 @@ spec:
readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
- emptyDir:
- medium: Memory
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 81196e1236..cdfa5bde56 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -89,7 +89,7 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.3.1
+image: onap/policy-xacml-pdp:2.3.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile
index 8af301d7ae..248fb056ab 100644
--- a/kubernetes/portal/Makefile
+++ b/kubernetes/portal/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile
index 2fc0cbe4ab..02371366f6 100644
--- a/kubernetes/portal/components/Makefile
+++ b/kubernetes/portal/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
new file mode 100644
index 0000000000..368cbe75b8
--- /dev/null
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
@@ -0,0 +1,2 @@
+# Encrypted Properties
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
index 99fe917de5..e707e259ca 100644
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
@@ -40,6 +40,8 @@
<!-- specify the component name -->
<property name="componentName" value="onapportal"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="Portal"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
@@ -67,7 +69,7 @@
value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="errorLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern"
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
@@ -274,15 +276,15 @@
<appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
@@ -292,6 +294,7 @@
<root level="INFO">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
index 37544d11e3..e0724c6d06 100644
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
@@ -27,7 +27,7 @@ music.serialize.compress = true
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index b5b4e48b97..c8a292f60b 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -16,8 +16,8 @@
#mysql
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =root
-db.password =Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.hib.dialect = org.hibernate.dialect.MySQLDialect
db.min_pool_size = 5
db.max_pool_size = 10
@@ -122,4 +122,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml
index 6964715ef1..8c434c55ff 100644
--- a/kubernetes/portal/components/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml
@@ -49,6 +49,42 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.xml`
+ do
+ cp ${PFILE} /config
+ chmod 0755 /config/${PFILE}
+ done
+ cd /config-input && \
+ for PFILE in `ls -1 *.properties`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportal-scrubbed
+ - mountPath: /config
+ name: properties-onapportal
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
@@ -103,6 +139,9 @@ spec:
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
subPath: portal.properties
- name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
+ - name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
subPath: music.properties
- name: properties-onapportal
@@ -114,6 +153,8 @@ spec:
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
- name: var-log-onap
mountPath: /var/log/onap
resources:
@@ -122,7 +163,7 @@ spec:
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- {{- if .Values.affinity }}
+{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
@@ -143,6 +184,9 @@ spec:
hostPath:
path: /etc/localtime
- name: properties-onapportal
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportal-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index 73306ba773..3f55f4a08e 100644
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -23,18 +23,47 @@ global:
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.3
+image: onap/portal-app:3.4.1
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
@@ -97,6 +126,10 @@ service:
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget
@@ -104,6 +137,7 @@ cassandra:
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
messageRouter:
diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
index 5b4bf0c0e7..16b8971339 100644
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
@@ -64,9 +64,9 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: CASSUSER
- value: "{{ .Values.config.cassandraUsername }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
- name: CASSPASS
- value: "{{ .Values.config.cassandraPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
- name: JVM_OPTS
value: "{{ .Values.config.cassandraJvmOpts }}"
- name: POD_IP
diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml
index 65fcdbe84a..eb6fc12274 100644
--- a/kubernetes/portal/components/portal-cassandra/values.yaml
+++ b/kubernetes/portal/components/portal-cassandra/values.yaml
@@ -26,10 +26,21 @@ repository: nexus3.onap.org:10001
image: onap/music/cassandra_music:3.0.0
pullPolicy: Always
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+
# application configuration
config:
cassandraUsername: root
cassandraPassword: Aa123456
+# cassandraCredsExternalSecret: some secret
cassandraJvmOpts: -Xmx2536m -Xms2536m
# default number of instances
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index 28fcee1551..390241fa1d 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -2,21 +2,21 @@
set -eo pipefail
shopt -s nullglob
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
-done
+# logging functions
+mysql_log() {
+ local type="$1"; shift
+ printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+}
+mysql_note() {
+ mysql_log Note "$@"
+}
+mysql_warn() {
+ mysql_log Warn "$@" >&2
+}
+mysql_error() {
+ mysql_log ERROR "$@" >&2
+ exit 1
+}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
@@ -27,8 +27,7 @@ file_env() {
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
+ mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
if [ "${!var:-}" ]; then
@@ -40,157 +39,328 @@ file_env() {
unset "$fileVar"
}
-_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+ # https://unix.stackexchange.com/a/215279
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[1]}" = 'source' ]
+}
+
+# usage: docker_process_init_files [file [file [...]]]
+# ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+ # mysql here for backwards compatibility "${mysql[@]}"
+ mysql=( docker_process_sql )
+
+ echo
+ local f
+ for f; do
+ case "$f" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$f" ]; then
+ mysql_note "$0: running $f"
+ "$f"
+ else
+ mysql_note "$0: sourcing $f"
+ . "$f"
+ fi
+ ;;
+ *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+ *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+ *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+ *) mysql_warn "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+}
+
+mysql_check_config() {
+ local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
- $errors
- EOM
- exit 1
+ mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
-_get_config() {
+mysql_get_config() {
local conf="$1"; shift
"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
# match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
+# Do a temporary startup of the MySQL server, for init purposes
+docker_temp_server_start() {
+ "$@" --skip-networking --socket="${SOCKET}" &
+ mysql_note "Waiting for server startup"
+ local i
+ for i in {30..0}; do
+ # only use the root password if the database has already been initializaed
+ # so that it won't try to fill in a password file when it hasn't been set yet
+ extraArgs=()
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ extraArgs+=( '--dont-use-mysql-root-password' )
+ fi
+ if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then
+ break
+ fi
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ mysql_error "Unable to start server."
+ fi
+}
+
+# Stop the server. When using a local socket file mysqladmin will block until
+# the shutdown is complete.
+docker_temp_server_stop() {
+ if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
+ mysql_error "Unable to shut down server."
+ fi
+}
+
+# Verify that the minimally required password settings are set for new databases.
+docker_verify_minimum_env() {
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ fi
+}
+
+# creates folders for the database
+# also ensures permission for user mysql of run as root
+docker_create_db_directories() {
+ local user; user="$(id -u)"
+
+ # TODO other directories that are used by default? like /var/lib/mysql-files
+ # see https://github.com/docker-library/mysql/issues/562
mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
-fi
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
+ if [ "$user" = "0" ]; then
+ # this will cause less disk access than `chown -R`
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ fi
+}
+
+# initializes the database directory
+docker_init_database_dir() {
+ mysql_note "Initializing database files"
+ installArgs=( --datadir="$DATADIR" --rpm )
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs+=( --auth-root-authentication-method=normal )
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db "${installArgs[@]}" "${@:2}"
+ mysql_note "Database files initialized"
+}
+
+# Loads various settings that are used elsewhere in the script
+# This should be called after mysql_check_config, but before any other functions
+docker_setup_env() {
# Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
+ declare -g DATADIR SOCKET
+ DATADIR="$(mysql_get_config 'datadir' "$@")"
+ SOCKET="$(mysql_get_config 'socket' "$@")"
- mkdir -p "$DATADIR"
+ # Initialize values that might be stored in a file
+ file_env 'MYSQL_ROOT_HOST' '%'
+ file_env 'MYSQL_DATABASE'
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ file_env 'MYSQL_ROOT_PASSWORD'
+ file_env 'PORTAL_DB_TABLES'
- echo 'Initializing database'
- installArgs=( --datadir="$DATADIR" --rpm )
- if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
- # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
- # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
- # (this flag doesn't exist in 10.0 and below)
- installArgs+=( --auth-root-authentication-method=normal )
- fi
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db "${installArgs[@]}" "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {60..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
+ declare -g DATABASE_ALREADY_EXISTS
+ if [ -d "$DATADIR/mysql" ]; then
+ DATABASE_ALREADY_EXISTS='true'
+ fi
+}
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
+# Execute sql script, passed via stdin
+# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
+# ie: docker_process_sql --database=mydb <<<'INSERT ...'
+# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
+docker_process_sql() {
+ passfileArgs=()
+ if [ '--dont-use-mysql-root-password' = "$1" ]; then
+ passfileArgs+=( "$1" )
+ shift
+ fi
+ # args sent in can override this db, since they will be later in the command
+ if [ -n "$MYSQL_DATABASE" ]; then
+ set -- --database="$MYSQL_DATABASE" "$@"
+ fi
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
+ mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+}
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
+# Initializes database with timezone info and root password, plus optional extra db/user
+docker_setup_db() {
+ # Load timezone info into database
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ {
+ # Aria in 10.4+ is slow due to "transactional" (crash safety)
+ # https://jira.mariadb.org/browse/MDEV-23326
+ # https://github.com/docker-library/mariadb/issues/262
+ local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
+ done
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo \
+ | sed 's/Local time zone must be set--see zic manual page/FCTY/'
+
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
+ done
+ } | docker_process_sql --dont-use-mysql-root-password --database=mysql
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+ fi
+ # Generate random root password
+ if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+ # Sets root password and creates root users for non-localhost hosts
+ local rootCreate=
+ # default root to listen for connections from anywhere
+ if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
EOSQL
+ fi
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
+ docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+ -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ FLUSH PRIVILEGES ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ EOSQL
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
+ # Creates a custom database and user if specified
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Creating database ${MYSQL_DATABASE}"
+ docker_process_sql --database=mysql <<<"CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;"
+ fi
+
+ if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
+ mysql_note "Creating user ${MYSQL_USER}"
+ docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;"
+
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
+ docker_process_sql --database=mysql <<<"GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;"
fi
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
+ docker_process_sql --database=mysql <<<"FLUSH PRIVILEGES ;"
+ fi
+}
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
+_mysql_passfile() {
+ # echo the password to the "file" the client uses
+ # the client command will use process substitution to create a file on the fly
+ # ie: --defaults-extra-file=<( _mysql_passfile )
+ if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+ cat <<-EOF
+ [client]
+ password="${MYSQL_ROOT_PASSWORD}"
+ EOF
+ fi
+}
+
+# check arguments for an option that would cause mysqld to stop
+# return true if there is one
+_mysql_want_help() {
+ local arg
+ for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ return 0
+ ;;
+ esac
+ done
+ return 1
+}
+
+_main() {
+ # if command starts with an option, prepend mysqld
+ if [ "${1:0:1}" = '-' ]; then
+ set -- mysqld "$@"
+ fi
+
+ # skip setup if they aren't running mysqld or want an option that stops mysqld
+ if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+ mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
+
+ mysql_check_config "$@"
+ # Load various environment variables
+ docker_setup_env "$@"
+ docker_create_db_directories
+
+ # If container is started as root user, restart as dedicated mysql user
+ if [ "$(id -u)" = "0" ]; then
+ mysql_note "Switching to dedicated user 'mysql'"
+ exec gosu mysql "$BASH_SOURCE" "$@"
fi
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
+ # there's no database, so it needs to be initialized
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ docker_verify_minimum_env
+
+ # check dir permissions to reduce likelihood of half-initialized database
+ ls /docker-entrypoint-initdb.d/ > /dev/null
+
+ docker_init_database_dir "$@"
+
+ mysql_note "Starting temporary server"
+ docker_temp_server_start "$@"
+ mysql_note "Temporary server started."
+
+ docker_setup_db
+ docker_process_init_files /docker-entrypoint-initdb.d/*
+
+ for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+ do
+ echo "Granting portal user ALL PRIVILEGES for table $i"
+ echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+
+ mysql_note "Stopping temporary server"
+ docker_temp_server_stop
+ mysql_note "Temporary server stopped"
+
+ echo
+ mysql_note "MySQL init process done. Ready for start up."
+ echo
+ fi
fi
-fi
+ exec "$@"
+}
-exec "$@" \ No newline at end of file
+# If we are sourced from elsewhere, don't perform any further actions
+if ! _is_sourced; then
+ _main "$@"
+fi
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 7502e9322a..1e2806759f 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,7 +23,7 @@ while the OOM K8s version has these service split up.
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
@@ -74,6 +74,9 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS
-- aai sparky
update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+
/*
Replace spaces with underscores for role names to match AAF role names
diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
index ec6cc50634..196a2d1ad4 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
@@ -69,6 +69,18 @@ spec:
secretKeyRef:
name: {{ template "common.fullname" . }}
key: db-root-password
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: backend-db-user
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: backend-db-password
+ - name: PORTAL_DB_TABLES
+ value: {{ .Values.config.backend_portal_tables }}
volumeMounts:
- mountPath: /var/lib/mysql
name: mariadb-data
diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
index e8a6e0fb12..b05b9208cc 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
@@ -72,7 +72,9 @@ spec:
value: "{{ .Values.service.internalPort }}"
- name: DB_PASS
valueFrom:
- secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
command:
- /bin/sh
- -x
diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
index ad1db77298..4415c5ebd0 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
@@ -26,3 +26,6 @@ metadata:
type: Opaque
data:
db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+stringData:
+ backend-db-user: {{ .Values.config.backendDbUser }}
+ backend-db-password: {{ .Values.config.backendDbPassword }}
diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml
index 3435feb43e..5061593739 100644
--- a/kubernetes/portal/components/portal-mariadb/values.yaml
+++ b/kubernetes/portal/components/portal-mariadb/values.yaml
@@ -25,7 +25,7 @@ global: # global defaults
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-db:3.2.3
+image: onap/portal-db:3.4.1
pullPolicy: Always
@@ -35,6 +35,11 @@ mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0"
config:
mariadbUser: root
mariadbRootPassword: Aa123456
+ backendDbUser: portal
+ backendDbPassword: portal
+ #backend_portal_tables is a comma delimited string listing back-end tables
+ #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
+ backend_portal_tables: portal,ecomp_sdk
#The directory where sql files are found in the projects gerrit repo.
sqlSourceDirectory: portal/deliveries
# sdc frontend assignment for port 9443
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
new file mode 100644
index 0000000000..0025a58e46
--- /dev/null
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
@@ -0,0 +1,40 @@
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
index 85e1eed648..2c2cd00f1c 100644
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
@@ -41,6 +41,8 @@
<!--<jmxConfigurator /> -->
<!-- specify the component name -->
<property name="componentName" value="onapsdk"></property>
+ <!-- specify the application name -->
+ <property name="application_name" value="PortalSDK"></property>
<!-- specify the base path of the log directory -->
<property name="logDirPrefix" value="/var/log/onap"></property>
<!-- The directories where logs are written -->
@@ -60,7 +62,7 @@
<!-- 1610 Logging Fields Format Revisions -->
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />
<!-- use %class so library logging calls yield their class name -->
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />
@@ -204,19 +206,20 @@
<logger name="org.onap.eelf" level="info" additivity="false">
<appender-ref ref="asyncEELF" />
</logger>
- <logger name="org.onap.eelf.audit" level="info" additivity="false">
+ <logger name="EELFAudit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<logger name="org.onap.eelf.debug" level="debug" additivity="false">
<appender-ref ref="asyncEELFDebug" />
</logger>
- <logger name="org.onap.eelf.error" level="info" additivity="false">
+ <logger name="EELFError" level="info" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">
+ <logger name="EELFMetrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<root level="DEBUG">
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
index 83ce9ca983..a4c0acc9d0 100644
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
@@ -27,8 +27,8 @@ music.serialize.compress = true
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index 2a2ec59d5c..1faed41b85 100755
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o==
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.min_pool_size = 5
db.max_pool_size = 10
hb.dialect = org.hibernate.dialect.MySQLDialect
@@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
index 104c2df34a..52bf49b972 100644
--- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
@@ -49,6 +49,42 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portalsdk-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.xml`
+ do
+ cp ${PFILE} /config
+ chmod 0755 /config/${PFILE}
+ done
+ cd /config-input && \
+ for PFILE in `ls -1 *.properties`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportalsdk-scrubbed
+ - mountPath: /config
+ name: properties-onapportalsdk
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
@@ -100,6 +136,9 @@ spec:
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
subPath: portal.properties
- name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
+ - name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
subPath: music.properties
- name: properties-onapportalsdk
@@ -135,6 +174,9 @@ spec:
hostPath:
path: /etc/localtime
- name: properties-onapportalsdk
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportalsdk-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportalsdk
defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml
index ebe49e08c2..ae373a2f54 100644
--- a/kubernetes/portal/components/portal-sdk/values.yaml
+++ b/kubernetes/portal/components/portal-sdk/values.yaml
@@ -24,18 +24,48 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+ envsubstImage: dibi/envsubst
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:3.2.0
+image: onap/portal-sdk:3.4.1
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
certInitializer:
@@ -91,6 +121,10 @@ service:
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget
@@ -98,6 +132,7 @@ cassandra:
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
messageRouter:
diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml
index 3afb4c6f60..94da33019c 100644
--- a/kubernetes/portal/components/portal-widget/values.yaml
+++ b/kubernetes/portal/components/portal-widget/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:3.2.3
+image: onap/portal-wms:3.4.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/portal/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml
index a7d1e09c5d..0d4b023b12 100644
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
@@ -21,14 +21,42 @@ global:
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: portal-cass
+ name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+ - uid: portal-backend-db
+ name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+
config:
logstashServiceName: log-ls
logstashPort: 5044
+ cassandraUsername: root
+ cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
portal-mariadb:
nameOverride: portal-db
mariadb:
service:
name: portal-db
+ config:
+# backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
+
widget:
service:
name: portal-widget
@@ -36,8 +64,21 @@ cassandra:
service:
name: portal-cassandra
config:
- cassandraUsername: root
- cassandraPassword: Aa123456
+ cassandraExternalSecret: *dbSecretName
+portal-app:
+ mariadb:
+ config:
+ backendDbExternalSecret: *backendDbSecretName
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
+portal-sdk:
+ mariadb:
+ config:
+ backendDbExternalSecret: *backendDbSecretName
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
messageRouter:
service:
name: message-router
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject b093c77b4faa2c4f0bfc67e481f724b6d67c722
+Subproject 34913f2223539640c81ae9e7a65744a09a95c9c
diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile
index f2670c552d..3dab31fad0 100644
--- a/kubernetes/sdc/Makefile
+++ b/kubernetes/sdc/Makefile
@@ -20,6 +20,8 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(HELM_CHARTS)
@@ -39,7 +41,12 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile
index 8d3bf2be4f..0d5b9e0c1f 100644
--- a/kubernetes/sdc/components/Makefile
+++ b/kubernetes/sdc/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -39,7 +40,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
index e2329d7ca5..d3a47de65b 100644
--- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
@@ -37,6 +37,13 @@ spec:
fieldPath: metadata.namespace
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
- name: {{ include "common.name" . }}-job-completion
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -51,6 +58,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
@@ -72,6 +86,13 @@ spec:
envsubst <${PFILE} >/config-output/${PFILE}
chmod 0755 /config-output/${PFILE}
done
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
@@ -154,6 +175,13 @@ spec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml
index d9c3e510eb..554b3c357e 100644
--- a/kubernetes/sdc/components/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml
@@ -39,19 +39,28 @@ spec:
args:
- --container-name
- sdc-be
+ - "-t"
+ - "35"
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}-job
image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /home/sdc/chef-solo/environments/
+ mountPath: /home/onap/chef-solo/environments/
- name: sdc-logs
mountPath: /var/lib/jetty/logs
env:
@@ -61,6 +70,13 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.podIP
+ resources:
+ limits:
+ cpu: 800m
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 200Mi
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index 03894869e4..b825b703b4 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -39,8 +39,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.7
-backendInitImage: onap/sdc-backend-init:1.6.7
+image: onap/sdc-backend-all-plugins:1.7.1
+backendInitImage: onap/sdc-backend-init:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -140,15 +140,15 @@ resources:
small:
limits:
cpu: 1
- memory: 4Gi
+ memory: 2Gi
requests:
- cpu: 10m
+ cpu: 100m
memory: 1Gi
large:
limits:
cpu: 2
- memory: 8Gi
+ memory: 4Gi
requests:
- cpu: 20m
+ cpu: 200m
memory: 2Gi
unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
index 0c98d67be4..19dd11281f 100644
--- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
@@ -45,12 +45,21 @@ spec:
{{- else }}
- cassandra
{{- end }}
+ - "-t"
+ - "15"
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}-job
image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}"
@@ -78,6 +87,13 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.podIP
+ resources:
+ limits:
+ cpu: 800m
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 300Mi
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index 0738ca755d..e80f64844e 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -38,8 +38,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.7
-cassandraInitImage: onap/sdc-cassandra-init:1.6.7
+image: onap/sdc-cassandra:1.7.1
+cassandraInitImage: onap/sdc-cassandra-init:1.7.1
pullPolicy: Always
@@ -104,23 +104,3 @@ persistence:
ingress:
enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
index 0571f4bb5d..bca3c477a1 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
@@ -43,12 +43,21 @@ spec:
args:
- --job-name
- {{ include "common.release" . }}-sdc-be-config-backend
+ - "-t"
+ - "35"
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
@@ -75,6 +84,13 @@ spec:
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -106,8 +122,7 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
value: {{ .Values.env.name }}
@@ -153,6 +168,13 @@ spec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index e9ff284ffe..1389d05c02 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -51,7 +51,7 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.7
+image: onap/sdc-frontend:1.7.1
pullPolicy: Always
config:
@@ -123,16 +123,16 @@ flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: 500m
+ memory: 2Gi
requests:
- cpu: 10m
+ cpu: 40m
memory: 1Gi
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: 1
+ memory: 4Gi
requests:
- cpu: 20m
+ cpu: 80m
memory: 2Gi
unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index 6f1e2a9b61..527dddef89 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -49,6 +49,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
@@ -75,6 +82,13 @@ spec:
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -99,8 +113,7 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
value: {{ .Values.env.name }}
@@ -155,6 +168,13 @@ spec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
index 936c7c41b5..c3003e2d1d 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
@@ -41,12 +41,21 @@ spec:
args:
- --job-name
- {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - "-t"
+ - "20"
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- name: {{ include "common.name" . }}-job
image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}"
@@ -72,6 +81,13 @@ spec:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
- name: CS_HOST_IP
value: "{{ .Values.global.cassandra.serviceName }}"
+ resources:
+ limits:
+ cpu: 800m
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 200Mi
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index 2e5d91e76b..6ec08db43a 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -63,8 +63,8 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.7
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7
+image: onap/sdc-onboard-backend:1.7.1
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -155,16 +155,16 @@ flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: 500m
+ memory: 2Gi
requests:
- cpu: 10m
+ cpu: 40m
memory: 1Gi
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: 1
+ memory: 4Gi
requests:
- cpu: 20m
+ cpu: 80m
memory: 2Gi
unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index b188cdae98..c61c41fc85 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -50,6 +50,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{ end }}
containers:
- name: {{ include "common.name" . }}
@@ -123,6 +130,7 @@ spec:
- name: SERVER_SSL_TRUSTSTORE_TYPE
value: "{{ .Values.config.serverSSLTrustStoreType }}"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
index 9235cb441c..be7d519924 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
@@ -34,37 +34,47 @@ spec:
spec:
restartPolicy: Never
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-init-readiness
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - "-t"
+ - "20"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CS_HOST
- value: "{{ .Values.global.cassandra.serviceName }}"
- - name: CS_PORT
- value: "{{ .Values.config.cassandraClientPort }}"
- - name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- - name: CS_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
- - name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ - name: {{ include "common.name" . }}-job
+ image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CS_HOST
+ value: "{{ .Values.global.cassandra.serviceName }}"
+ - name: CS_PORT
+ value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+ - name: CS_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ - name: CS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ resources: {{ include "common.resources" . | nindent 12 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{ end }}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index da5ae38ad5..893a1b9f31 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -62,8 +62,8 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
pullPolicy: Always
initJob:
@@ -123,21 +123,22 @@ ingress:
config:
ssl: "redirect"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 40m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 80m
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
index ad10480a3f..a5d312f308 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -48,6 +48,13 @@ spec:
fieldPath: metadata.namespace
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.fullname" . }}-move-cert
command:
@@ -63,6 +70,13 @@ spec:
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: sdc-certs
mountPath: /sdc-certs
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -114,8 +128,8 @@ spec:
readOnly: true
{{- if .Values.global.aafEnabled }}
- name: sdc-certs
- mountPath: /sdc-certs
- subpath: mycreds.prop
+ mountPath: /sdc-certs/mycreds.prop
+ subPath: mycreds.prop
- name: sdc-certs
mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
subPath: {{ .Values.certInitializer.keystoreFile }}
@@ -123,8 +137,7 @@ spec:
mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
subPath: {{ .Values.certInitializer.truststoreFile }}
{{ end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
@@ -145,6 +158,13 @@ spec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index 7bb1b24ad6..e88139832f 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -51,7 +51,7 @@ certInitializer:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -114,21 +114,22 @@ ingress:
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 40m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 80m
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile
index e4b5dda95d..1518f3c3c6 100644
--- a/kubernetes/sdnc/Makefile
+++ b/kubernetes/sdnc/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -40,7 +41,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile
index 4e737638a6..c38171c1e5 100644
--- a/kubernetes/sdnc/components/Makefile
+++ b/kubernetes/sdnc/components/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -40,7 +41,11 @@ lint-%: dep-%
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
@if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
@helm repo index $(PACKAGE_DIR)
clean:
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index 1a70926f4f..f3a2b98397 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -55,7 +55,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.4
+image: onap/sdnc-dmaap-listener-image:2.0.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index 7eb32b10e5..e4024c7d77 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -55,7 +55,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.4
+image: onap/sdnc-ansible-server-image:2.0.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index bcf3cff752..2c0b3eabe2 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: "onap/sdnc-web-image:1.8.3"
+image: "onap/sdnc-web-image:2.0.2"
pullPolicy: Always
config:
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index a8b7c13550..a32628df6f 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -61,7 +61,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.4
+image: onap/sdnc-ueb-listener-image:2.0.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh
index 6aa796a163..a83fc92890 100755
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ b/kubernetes/sdnc/resources/config/bin/startODL.sh
@@ -162,6 +162,7 @@ then
fi
cp /opt/opendaylight/current/certs/* /tmp
+cp /var/custom-certs/* /tmp
nohup python ${SDNC_BIN}/installCerts.py &
diff --git a/kubernetes/sdnc/resources/config/conf/setenv b/kubernetes/sdnc/resources/config/conf/setenv
index 7476e6849a..52c9ff76b4 100644
--- a/kubernetes/sdnc/resources/config/conf/setenv
+++ b/kubernetes/sdnc/resources/config/conf/setenv
@@ -54,8 +54,8 @@ if [ "x$JAVA_MAX_MEM" = "x" ]; then
export JAVA_MAX_MEM="2048m"
fi
-EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
- -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \
- -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \
- -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \
- -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log"
+EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \
+ -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
+ -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \
+ -XX:+ParallelRefProcEnabled \
+ -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"}
diff --git a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml
index aa156b598f..42b3f25483 100755
--- a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml
+++ b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml
@@ -51,7 +51,7 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash"]
- args: ["-c", "{{ .Values.config.binDir }}/startODL.oom.sh"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.sh"]
env:
- name: SDNC_AAF_ENABLED
value: "{{ .Values.global.aafEnabled}}"
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml
index b434c4025f..e3be4bc46a 100644
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -49,9 +49,9 @@ spec:
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- {{ if .Values.config.sdnr.enabled }}
- Session Affinity: ClientIP
- {{ end }}
+ {{ if .Values.config.sdnr.enabled }}
+ sessionAffinity: ClientIP
+ {{ end }}
selector:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index b1da64a748..488c050bfb 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -94,6 +94,48 @@ spec:
{{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.cmpv2Enabled }}
+ - name: certs-init
+ image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: REQUEST_URL
+ value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
+ - name: REQUEST_TIMEOUT
+ value: "30000"
+ - name: OUTPUT_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ - name: CA_NAME
+ value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
+ - name: COMMON_NAME
+ value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
+ - name: ORGANIZATION
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
+ - name: ORGANIZATION_UNIT
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
+ - name: LOCATION
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
+ - name: STATE
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
+ - name: COUNTRY
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
+ - name: KEYSTORE_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
+ - name: KEYSTORE_PASSWORD
+ value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
+ - name: TRUSTSTORE_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
+ - name: TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ name: certs
+ - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }}
+ name: certservice-tls-volume
+ {{ end }}
+
- name: {{ include "common.name" . }}-chown
image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
command:
@@ -160,6 +202,8 @@ spec:
value: {{ include "common.mariadbService" . }}
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
+ - name: JAVA_OPTS
+ value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
- name: KARAF_CONSOLE_LOG_LEVEL
value: "{{ include "common.log.level" . }}"
- name: SDNRWT
@@ -238,6 +282,10 @@ spec:
- mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
name: properties
subPath: mountpoint-state-provider.properties
+ {{ if .Values.global.cmpv2Enabled }}
+ - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ name: certs
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -288,6 +336,14 @@ spec:
- name: properties
emptyDir:
medium: Memory
+ {{ if .Values.global.cmpv2Enabled }}
+ - name: certs
+ emptyDir:
+ medium: Memory
+ - name: certservice-tls-volume
+ secret:
+ secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 244a7d5d9a..c41f5eadbf 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -35,6 +35,31 @@ global:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ platform:
+ certServiceClient:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+ secret:
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
+ envVariables:
+ # Certificate related
+ cert_path: /var/custom-certs
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
+ common_name: "sdnc.simpledemo.onap.org"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
+ requestTimeout: "30000"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
+ keystorePassword: "secret"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
+ truststorePassword: "secret"
#################################################################
# Secrets metaconfig
@@ -110,7 +135,7 @@ secrets:
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.4
+image: onap/sdnc-image:2.0.2
busyboxRepository: docker.io
busyboxImage: busybox:1.30
@@ -160,11 +185,12 @@ config:
logstashPort: 5044
ansibleServiceName: sdnc-ansible-server
ansiblePort: 8000
- javaHome: /usr/lib/jvm/java-1.8-openjdk
+ javaHome: /opt/java/openjdk
odl:
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
+ gcLogDir: /opt/opendaylight/data/log
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
salConfigVersion: 1.9.1
akka:
@@ -184,7 +210,12 @@ config:
javaOptions:
maxGCPauseMillis: 100
parallelGCThreads : 3
- numberGGLogFiles: 10
+ numberGCLogFiles: 10
+ minMemory: 512m
+ maxMemory: 2048m
+ gcLogOptions: ""
+ # Next line enables gc logging
+ # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
# enables sdnr functionality
sdnr:
enabled: true
@@ -406,6 +437,22 @@ persistence:
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/current/daexim
+certpersistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 50Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sdnc/certs
+ certPath: /opt/app/osaaf
+ ##storageClass: "manual"
+
ingress:
enabled: false
service:
diff --git a/kubernetes/sniro-emulator/templates/deployment.yaml b/kubernetes/sniro-emulator/templates/deployment.yaml
index 2e76895278..0a1525c280 100644
--- a/kubernetes/sniro-emulator/templates/deployment.yaml
+++ b/kubernetes/sniro-emulator/templates/deployment.yaml
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
@@ -24,6 +24,10 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
template:
metadata:
labels:
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index 2dbfa4ea4a..ee84d60905 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -72,7 +72,7 @@ spec:
readOnly: true
- name: {{ include "common.fullname" . }}-truststore
mountPath: /app/client
- readonly: true
+ readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml
index e8acab2350..a43ae6eff0 100644
--- a/kubernetes/uui/charts/uui-server/values.yaml
+++ b/kubernetes/uui/charts/uui-server/values.yaml
@@ -25,7 +25,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:3.0.4
+image: onap/usecase-ui-server:3.0.6
pullPolicy: Always
# application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 758200eede..77351f9f3e 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -26,7 +26,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui:3.0.4
+image: onap/usecase-ui:3.0.6
pullPolicy: Always
# application configuration
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml
index 123bb298ab..844f993df1 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
gvnfmdriverlocal_handler:
level: "DEBUG"
class:
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
index c6987f14ee..a9c92ef7b3 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
@@ -56,12 +56,10 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
index 21118603f5..96736f6c66 100644
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
@@ -28,7 +28,7 @@ global:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.9
+image: onap/vfc/gvnfmdriver:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml
index 4ae7ab16a8..c88606239e 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
nslcmlocal_handler:
level: "DEBUG"
class:
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
index 9b085f8a36..544834d199 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: MYSQL_ROOT_USER
diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
index 547874145f..7d37810020 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
@@ -38,7 +38,7 @@ secrets:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.9
+image: onap/vfc/nslcm:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
index 9eee5c7f81..8b32fa4e6e 100644
--- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
@@ -53,11 +53,6 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml
index 80924a897a..2761d05999 100644
--- a/kubernetes/vfc/charts/vfc-redis/values.yaml
+++ b/kubernetes/vfc/charts/vfc-redis/values.yaml
@@ -28,7 +28,7 @@ global:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.3
+image: onap/vfc/db:1.3.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml
index 4af8faa40f..9dbf475beb 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
vnfmgrlocal_handler:
level: "DEBUG"
class:
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
index d61dc9ddfa..7fd74b93f0 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: MYSQL_ROOT_USER
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
index 89847ca158..fafef0c5f0 100644
--- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
@@ -38,7 +38,7 @@ secrets:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.9
+image: onap/vfc/vnflcm:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml
index 4af8faa40f..9dbf475beb 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
vnfmgrlocal_handler:
level: "DEBUG"
class:
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
index 3eede1904d..bd0b377f79 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_HOST
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
index 6fbc0338e5..67b087fcd0 100644
--- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
@@ -38,7 +38,7 @@ secrets:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.8
+image: onap/vfc/vnfmgr:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml
index c4cc1e3072..7644af1e1b 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
vnflcmlocal_handler:
level: "DEBUG"
class:
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
index 32c7cd2348..9f2a4c739b 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_HOST
diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
index 82b74e08f6..1b6fc792a1 100644
--- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
@@ -38,7 +38,7 @@ secrets:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.7
+image: onap/vfc/vnfres:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml
index a0bf170fe6..6c00048ff7 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
level: "DEBUG"
propagate: False
handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
ztevnfmdriverlocal_handler:
level: "DEBUG"
class:
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
index bcae4acf52..32e4133a16 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
@@ -72,12 +72,10 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
index 18cd207051..8c349e0098 100644
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
@@ -28,7 +28,7 @@ global:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.6
+image: onap/vfc/ztevnfmdriver:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 4cd3321b7d..3c9b8ceb63 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -38,7 +38,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:6.0.4
+image: onap/vid:7.0.0
pullPolicy: Always
# mariadb image for initializing
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml
index 6bd4e1c8eb..09b6551c00 100644
--- a/kubernetes/vnfsdk/resources/config/configuration.xml
+++ b/kubernetes/vnfsdk/resources/config/configuration.xml
@@ -23,7 +23,7 @@ PUBLIC "//mybatis.org//DTD Config 3.0//EN"
<transactionManager type="JDBC" />
<dataSource type="UNPOOLED">
<property name="driver" value="org.postgresql.Driver" />
- <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" />
<property name="username" value="${PG_USER}" />
<property name="password" value="${PG_PASSWORD}" />
</dataSource>
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml
index 06ce21274e..60edcffbbf 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -73,7 +73,7 @@ spec:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- volumes:
+ volumeMounts:
- mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
name: init-data
subPath: configuration.xml
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index b72f39652c..3e0e235717 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -43,7 +43,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.5.2
+image: onap/vnfsdk/refrepo:1.6.0
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always