summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2021-03-09Merge "[COMMON] Fix postgres data persistence"Krzysztof Opasiak2-0/+5
2021-03-08[COMMON] Fix postgres data persistenceBruno Sakoto2-0/+5
This changes fixes postgres data lost that occurs when postgres pods are restarting. When crunchy data postgres image starts, it runs /opt/cpm/bin/setenv.sh script to set PGDATA folder. This script contains: -- export PGDATA=/pgdata/$HOSTNAME if [[ -v PGDATA_PATH_OVERRIDE ]]; then export PGDATA=/pgdata/$PGDATA_PATH_OVERRIDE fi -- Since postgres is now a deployment (commit 0b243b600), its pod name is different on each startup, hence HOSTNAME and PGDATA are also different each time. This change is leveraging crunchy data PGDATA_PATH_OVERRIDE environment variable to set PGDATA to a fixed path. By default, this path is set to /pgdata/data. Issue-ID: CPS-271 Change-Id: Icc0f05d64230a98bc21d8f2a74c12c6661e05482 Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
2021-03-08Merge "[COMMON] Get rid of a few bashisms"Sylvain Desbureaux2-3/+2
2021-03-03[CPS] Configuration Persistence Service Chartsputhuparambil.aditya1-0/+3
CPS Helm charts added Issue-ID: CPS-7 Co-authored-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Co-authored-by: Bruno Sakoto <bruno.sakoto@bell.ca> Signed-off-by: Claudio David Gasparini <claudio.gasparini@pantheon.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca> Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca> Change-Id: I027e5e4b3eec78ce889168f8796d55e6f9fd9be6 Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
2021-03-03[COMMON][READINESS] Fix user and groupSylvain Desbureaux2-0/+6
readiness check can be launched in a lot of various situation. Especially, it can be runned on deployments / statefulsets where the user and group are fixed. But python code underneath can work only when user is set to "onap" as requirements are installed only for this specific user. This patch forces the user and group to the desired one. Issue-ID: OOM-2694 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie70f8e851c30f530fd7a0d6e34ee5bda9274e874
2021-03-03Merge "[GENERAL] Allow different port for svc and pod"Krzysztof Opasiak1-4/+3
2021-03-03[COMMON] Get rid of a few bashismsGuillaume Lambert2-3/+2
The built-in command source is a bashism. Profiles script must be dotted and not sourced when possible. Issue-ID: OOM-2688 OOM-2158 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id7cad0d499129fa3b7ea020e906748243b1b3ace
2021-03-02Merge "[COMMON][CERTINIT] Fail if cert retrieval fails"Krzysztof Opasiak4-4/+33
2021-03-02[GENERAL] Allow different port for svc and podSylvain Desbureaux1-4/+3
Instead of having the exact same port number for service and container, let's allow to use an internal port (usually > 1024) and a service port (usually 80 or 443). Issue-ID: OOM-2674 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib90073fc8b069fceed7666778ae0c7b8a8ffcdca
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux4-4/+33
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-02-24[CASSANDRA] Loosen probe check timeSylvain Desbureaux2-2/+14
As for main cassandra chart, with Azure and also some internal deployments, `nodepool status` takes more than 3 seconds and so cassandra is not coming up or quite randomly. This patch gives more room to `nodepool status` to answer. Issue-ID: OOM-2687 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If6a148a432ed3d83a1e89d38f20fe87e89ab0f57
2021-02-22[GENERIC][CASSANDRA] Loosen probe check timeSylvain Desbureaux1-4/+4
With Azure and also some internal deployments, `nodepool status` takes more than 3 seconds (it can go up to 6 seconds) and so cassandra is not coming up or quite randomly. This patch gives more room to `nodepool status` to answer. Issue-ID: OOM-2687 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I98b0adc751e3cd4fa8710f88567cd8896db548eb
2021-02-19[SDNC] Fix issue with certs from CMPv2 by Netconf (TLS)Piotr Marcinkiewicz2-4/+28
- correct cmpv2Certificate to take outputType from 'certificates' - add postStart hook for CertManagerIntegration to make cert dir writable - add setting ODL_CERT_DIR env Issue-ID: SDNC-1477 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I4531392cc4f113b173d10a27b98b1fe97d6faa4d
2021-02-16Merge "[COMMON][CASSANDRA] Service mesh compatible deploy"Krzysztof Opasiak1-0/+8
2021-02-15[COMMON] Fix problem with useNodePortExtJack Lucas1-1/+1
Fix so that the useNodePortExt flag is honored when creating a k8s Service with the service template. Issue-ID: OOM-2679 Signed-off-by: Jack Lucas <jflos@sonoris.net> Change-Id: I40ff3ab6df28ee1f9c582dff35a5360f632accbd
2021-02-10[COMMON][CASSANDRA] Service mesh compatible deploySylvain Desbureaux1-0/+8
In order to make cassandra behaving smoothly on service mesh, we must make it listen to 127.0.0.1 but broadcasting the real IP address. This patch does it. Issue-ID: OOM-2252 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2c494a987a7d2d72ddce84ac7fab15bcadbc8cf4
2021-02-10Merge "[COMMON] Create certManagerCertificate chart"Sylvain Desbureaux5-192/+284
2021-02-07[MUSIC] Make MUSIC to use cert managerkrishnaa966-25/+28
Make music to use cert manager to generate and load the certificates Issue-ID: OOM-2673 Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com> Change-Id: I3c655107bebb969f317bcbe87cfc6a55a1821533
2021-02-05[COMMON] Create certManagerCertificate chartPiotr Marcinkiewicz5-192/+284
- Create certManagerCertificate chart for Certificate template - Change default values for duration and renewBefore - Add creation Secret with keystore password - Use template in SDNC (add volumes and volumesMounts) Issue-ID: OOM-2568 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ib70d91b599fa6813ed0a6d5b96206508f2fdafcf
2021-02-04Merge "[COMMON] Fix Ingress templating"Krzysztof Opasiak1-7/+13
2021-02-02Merge "[COMMON][ETCD] Skip startup self-discovery for etcd nodes"Krzysztof Opasiak1-0/+4
2021-01-27[PLATFORM] Update cert service images to 2.3.3Joanna Jeremicz2-4/+4
Enhance CertServiceAPI response (include CMP server error messages) Fix KeyUsage extension sent to CMPv2 server Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
2021-01-27Merge "[COMMON] Add template for CertServiceClient"Sylvain Desbureaux6-0/+268
2021-01-26[COMMON] Fix Ingress templatingSylvain Desbureaux1-7/+13
New TLS part of Ingress templating was broken. This commit fixes it. Issue-ID: OOM-2609 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I0b9b41e052911ef0064696ac7cf6ca8a274ae1dd
2021-01-25Merge "[COMMON][MARIADB] Force Galera Node address"Krzysztof Opasiak1-0/+6
2021-01-25[COMMON][ETCD] Skip startup self-discovery for etcd nodesKonrad Bańka1-0/+4
Current startup script of etcd checks whether all assumed other nodes are already running, before proceeding. This check, however, also includes checking localhost, but due to using headless service statefulset pod DNS discovery, it doesnt succeed immediately. In some deployments k8s DNS server may be laggy, thus failing startup script to finish before liveness check. This patch fixes such failures of 1 pod etcd clusters, and improves startup time for any size ones. Signed-off-by: Konrad Bańka <k.banka@samsung.com> Issue-ID: OOM-2668 Change-Id: I2f9263a0f4964b0a495631775d0cbbceef25e85b
2021-01-21Merge "[COMMON][CERTS] Use sh to onboard custom certs"Krzysztof Opasiak2-7/+13
2021-01-20[COMMON] Add template for CertServiceClientRemigiusz Janeczek6-0/+268
Create generic template to simplify CertServiceClient use Issue-ID: OOM-2568 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I4fb9829b27b1dd13a9e7a098f807710cc5648438
2021-01-19[COMMON][CERTS] Use sh to onboard custom certsSylvain Desbureaux2-7/+13
Today, onboarding custom certificates relies on `bash`. But image used for that doesn't have bash. Therefore, we need to use `sh` in order to onboard the certs. Issue-ID: OOM-2666 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia8087bd9484a013ac76044681059f634a4e45eb8
2021-01-18[COMMON][MARIADB] Force Galera Node addressSylvain Desbureaux1-0/+6
Bitnami init script can automatically choose the node address (which is the IP address of the container). Unfortunately, this doesn't work when on dual stack as both IP addresses with a space are given (see https://github.com/bitnami/charts/issues/4077). This patch force the IP address so we can get rid of this issue Issue-ID: OOM-2661 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5dd2147df1932b1f0fdde7c2b55585cff45bab68
2021-01-18[COMMON] Uses new generator for repos and imagesSylvain Desbureaux3-2/+3
This commit makes common template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I35123faf99ae3bffea68bc39776f320c4168b45f
2021-01-13Merge "[CMPV2] Generate certificate name"Krzysztof Opasiak1-9/+9
2021-01-13[CMPV2] Generate certificate nameJan Malkiewicz1-9/+9
Genereate names of certificate and secret Issue-ID: OOM-2568 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: I014df059f348e974f6d222b5d6d1c2416bea0440
2021-01-12Merge "[COMMON][Readiness] Uses new tpls for repos / images"Krzysztof Opasiak4-3/+5
2021-01-08Merge "[CMPV2] Add a template for Certificate (cert-manager)"Sylvain Desbureaux1-0/+192
2021-01-08[COMMON][Readiness] Uses new tpls for repos / imagesSylvain Desbureaux4-3/+5
This commit makes Readiness Check template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6d115a071e11f9e992f04ec2a14595a5aed5401b
2021-01-06[PLATFORM] Update cert service images to 2.3.2Remigiusz Janeczek1-2/+2
Align Cert Service Api to RFC4210. Fix Cert Service Client CA_NAME validation. Fix Cert Service External Provider logging. Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
2021-01-06[CMPV2] Add a template for Certificate (cert-manager)Jan Malkiewicz1-0/+192
This commit introduces a template for requesting a cert-manager certificate. See: https://cert-manager.io. It consist of the following parts: - a template for creating certificate in commons component - a definition of a certifcate object in sdnc component Issue-ID: OOM-2568 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: If58b8f12eff075d058db5a0fee3b2db5c2c93a17
2021-01-04[COMMON][MARIADB] Set init wait right variableSylvain Desbureaux1-1/+1
Bitnami mariadb-galera image has a special environment variable that allows to wait few seconds for mariadb to be fully initialized. This is especially important when a lot of pods are created in parallel, like in OOM. Unfortunately, the variable name used wasn't the good one. This patch rectifies that Issue-ID: OOM-1720 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2f41ec734a45197c40d5adfa9e214ba5e335f44d
2020-12-17[COMMON][CertInit] Uses new tpls for repos / imagesSylvain Desbureaux5-4/+11
This commit makes CertInitializer template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
2020-12-17Merge "[COMMON][MARIADB] Upgrade Mariadb DB galera version"Krzysztof Opasiak28-1078/+1087
2020-12-17Merge "[COMMON] Add job support for readinessCheck"Krzysztof Opasiak1-1/+14
2020-12-14[COMMON][MARIADB] Upgrade Mariadb DB galera versionSylvain Desbureaux28-1078/+1087
Mariadb DB Galera containers version is outdated and unmaintained. We need them to move to a new image provider. As new image provider is not compatible with our old templates, we also update the templates (by reworking bitnami mariadb-galera chart). An update of global mariadb image is also done in order to match mariadb galera version. Issue-ID: OOM-1720 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib9976227759e90022183d4f37fc655143be4d6ac
2020-12-14[COMMON] Add job support for readinessCheckSylvain Desbureaux1-1/+14
readinessCheck was only supporting "container" readiness and not "job" readiness. This patch adds the ability to wait for job readiness also. for that, we need to use the "extended" version and set type to `job` as we can see it the example: ```yaml wait_for: name: myname jobs: - '{{ include "common.release" . }}-the-job' ``` Issue-ID: OOM-2647 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iee5426995de63ec8fe2f8c61ff9384a314c86db4
2020-12-14Merge "[COMMON] Configure paths for Ingress"Krzysztof Opasiak1-31/+7
2020-12-09[COMMON] Enhancements on common templatesSylvain Desbureaux2-8/+16
It's a collection of small enhancements for common templates. Issue-ID: OOM-1720 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I426f7aed05ea7e94899b9e4888f4e4c66b69cb53
2020-12-08[COMMON] Configure paths for IngressSylvain Desbureaux1-31/+7
Instead of globally choosing between virtualhosts and path based ingress, it's better to allow to choose it per component. Issue-ID: OOM-2641 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I952826d03722693ebae7c95a083b95bf83752d68
2020-12-07[COMMON] New affinities templatesSylvain Desbureaux1-0/+109
Pod/Node affinity may be important to set, especially in the context of statefulset. These templates helps in order to make it work. Issue-ID: OOM-1720 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ic2ce2fc1188c4181bd8042b8410c1b810f50bff7
2020-12-04Merge "[COMMON][MUSIC] Uses new tpls for repos / images"Krzysztof Opasiak33-346/+272
2020-12-02[PLATFORM] Update cert service images to 2.3.1Remigiusz Janeczek1-2/+2
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d