summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2020-05-20[COMMON] Security Context templatesSylvain Desbureaux1-0/+21
Create Security contexts templates for pod and containers. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iab9a75627e1c5427ebe8dfb07c59ef1a17198c5e
2020-05-20[COMMON] Templates for readinessSylvain Desbureaux6-17/+158
Create a template in order to have same readiness check everywhere. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If3297184564a8e763110a79ff89eb07dfbc9e630
2020-05-19[COMMON] Fix certInitializer to use proper global valuesKrzysztof Opasiak1-6/+6
One of reasons why certInitializer is a proper chart that you need to put in your requirements.yaml is to avoid copy-pasting the same global values among different charts. As it turned out in tests we've been not "mangling" global values properly while creating $subchartDot. This patch fixes the issue. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
2020-05-18Merge "[COMMON] Use "" instead of {} as a default value to avoid warning"Sylvain Desbureaux1-1/+1
2020-05-16[COMMON] Use "" instead of {} as a default value to avoid warningKrzysztof Opasiak1-1/+1
After we upgraded our helm version we started getting below issues with emails: Warning: Merging destination map for chart 'curator'. Overwriting table item 'image', with non table value: onap/sdnc-image:1.8.2 To fix this let's just use "" instead of () for our daily operations. Issue-ID: OOM-2412 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5f2c215c281036a7eb921d6a805527c807a4aca9
2020-05-15[COMMON] Enable password generation in postgresKrzysztof Opasiak1-3/+3
Issue-ID: OOM-2250 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibad1e8d523d2a182d2f43e1ae2b46fff07c11e01
2020-05-14[COMMON] Fix certInitializerKrzysztof Opasiak1-5/+5
By mistage aaf-agent-certs volume was created only if aaf_add_config option was set. This is incorrect as it should be created always. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e
2020-05-12Merge "[Tree-wide] Make chart build process predictible"Morgan Richomme13-17/+16
2020-05-12Merge "[COMMON] Override truststore in aaf_agent image"Sylvain Desbureaux4-1/+2235
2020-05-08[Tree-wide] Make chart build process predictibleKrzysztof Opasiak13-17/+16
ONAP is built using plain makefile rules. List of targets is generated using wildcard function. Based on make changelog: http://git.savannah.gnu.org/cgit/make.git/tree/NEWS since version 3.82 wildcard is not going to sort its results which means that charts are being processed in an arbitrary order which may lead to build failure due to missing dependencies. Since version 4.3 make started sorting the wildcard results once again which may lead to build issues. To avoid that and make our builds predictible independently from Makefile version let's make sure that we always sort wildcard results. Addinally let's use 'file://' instead of '@local' for charts in common to resolve dependencies between them. Issue-ID: OOM-2399 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Iacb02dcdbd577ce0e9ca1078dd0586d296ec9375
2020-05-07Merge "[AAF] v1.16+ compatible templates"Krzysztof Opasiak1-0/+14
2020-05-07Merge "[COMMON] Add new template for obtaining certificate"Sylvain Desbureaux6-0/+272
2020-05-06[COMMON] Override truststore in aaf_agent imageKrzysztof Opasiak4-1/+2235
aaf_agent image currently contains hardcoded truststores in order to be able to connect to certman to retrieve certificate for given component. The goal is to remove hardcoded truststore from aaf_agent immage but first we need to be sure that all its users are able to provide the truststore to the pod as a configmap. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b
2020-05-06Use RC1 version of CCSDK artifactsDan Timoney1-1/+1
Update helm charts to use RC1 version of CCSDK dockers Issue-ID: CCSDK-2358 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Id247bdf3442084d724b84ed752956d08868c7ddf
2020-05-06[COMMON] Add new template for obtaining certificateKrzysztof Opasiak6-0/+272
Add new template that can be used to obtain certificate by component. Make also a PoC with NBI. Strongly based on aaf-config template. Issue-ID: AAF-1134 Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-05-05MUSIC spring boot helm charts (music-sb)Tschaen, Brendan31-1159/+725
Removal of tomcat and zookeeper as per latest music version.. Replaced with cassandra only and spring boot version of music, adding support for https and running the music container under a non-root user Update oof-has music-api configuration, use https Switch to music-api-springboot for all the ready.py Issue-ID: MUSIC-572 Signed-off-by: Tschaen, Brendan <ctschaen@att.com> Change-Id: Idbfac29cb5e9808787b5994e2575f055c292a146 Signed-off-by: vrvarma <vikas.varma@att.com>
2020-05-05[COMMON] add missing ingress templateSylvain Desbureaux1-0/+15
ingress template is needed to create ingress. Issue-ID: OOM-2173 Issue-ID: OOM-2188 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia957cb25f3f76658affabd148aaa4118b2d7ea0c
2020-05-04[AAF] v1.16+ compatible templatesSylvain Desbureaux1-0/+14
Use the different "common" templates in order to create consistent and v1.16+ compatible templates for the different resources of AAF Issue-ID: AAF-1122 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
2020-05-04[COMMON|APPC|SDNC] add Ingress to dgbuilderSylvain Desbureaux1-0/+6
Add Ingress for dgbuilder in common and update SDNC and APPC in order to use proper configuration. Issue-ID: OOM-2173 Issue-ID: OOM-2188 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib810ce3f4b3ff2ff3297c39be352d246aef6d7f1
2020-04-30Merge "[COMMON] Switch dgbuilder chart to new API"Krzysztof Opasiak1-4/+2
2020-04-27[COMMON] Allow to use ' in mysql passwordsKrzysztof Opasiak3-1/+111
derivePassword which we use to generate our passwords includes ' in set of special characters that can be used in passwords. Current implementation of bitnami configure-mysql.sh simply concatenates password surrounded with '' rest of SQL query. This causes issues if password contains ' as it creates invalid SQL statement. To fix this issue we just patch the script and escape the special ' character in password. Issue-ID: OOM-2246 Reported-by: Mateusz Pilat <m.pilat@partner.samsung.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I3d2150760755e55558e2045cbb7ca5693c8ab71f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-04-24[COMMON] Switch dgbuilder chart to new APIKrzysztof Opasiak1-4/+2
While working on password removal we added a new configuration node (config.db) which should be used for passing db credentials. Now when all user are switched to use new config options we can remove backward compatibility layer and start using new options. Issue-ID: OOM-2247 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I77876fbfc0a4af18fa36f0e8c5813a5e393a7e09
2020-04-22Merge "[COMMON] templates for centralized logs"Krzysztof Opasiak1-0/+53
2020-04-22[COMMON] templates for centralized logsSylvain Desbureaux1-0/+53
Add three templates: * one for creating the sidecar * one for creating the configmap * one for creating the volumes Issue-ID: OOM-2370 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
2020-04-20Merge "[DMaaP DR Node] v1.16+ compatible templates"Krzysztof Opasiak1-0/+30
2020-04-20Merge "[COMMON] helm chart for elastic db"Krzysztof Opasiak36-4/+2255
2020-04-20[COMMON] helm chart for elastic dbAlexander Dehn36-4/+2255
Add elasticdb as common chart to oom Issue-ID: SDNC-1061 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-04-17Add repository for cassandra imageafenner1-1/+1
Change-Id: I287b830f86da0fe0adc440cf9e645f8d244aefe1 Issue-ID: OOM-2368 Signed-off-by: afenner <andrew.fenner@est.tech>
2020-04-16[DMaaP DR Node] v1.16+ compatible templatesSylvain Desbureaux1-0/+30
Use the different "common" templates in order to create consistent and v1.16+ compatible templates for the different resources of DMaaP DR Node. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I399b168882d09bd8f08148758a0f683e15ac141c
2020-04-15Merge "[COMMON] Remove hardcoded mariadb-galera password"Sylvain Desbureaux1-1/+1
2020-04-14[COMMON] Allow use of second Node Port PrefixSylvain Desbureaux1-1/+32
OOM uses two node port prefix. Templates were not able to use the second one. This patch allows templates to use the second node port prefix and also to override on a per chart basis the value of the node port prefix. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I05f43e3dad93d6f0fbf575657ea41082e7c91053
2020-04-14[COMMON] Remove hardcoded mariadb-galera passwordKrzysztof Opasiak1-1/+1
The time has come! All ONAP charts use now common secret template at least for the mariadb-galera root password (and most of them also for user part). This means that it should be now safe to remove hardcoded mariadb-galera root password and depend on common secret template to generate it for every deployment. No more secretpassword!:D Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib9d8bbcc45bfd85a4d762c716c03dba23d901009
2020-04-03Merge "[COMMON] Faster aafConfig template"Krzysztof Opasiak1-123/+45
2020-04-03Merge "[COMMON] More versatile templates for storage"Krzysztof Opasiak1-45/+199
2020-04-03[COMMON] Faster aafConfig templateSylvain Desbureaux1-123/+45
"index" function is bad in term of performance in Helm. Reworked the templates in order to avoid it. as certificates are retrieved at every boot (and as already present certs are deleted before), we don't need persistent storage Also set aafImage as a global variable in order to have a consistent use accross ONAP Issue-ID: EXTAPI-375 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
2020-04-02Use released Frankfurt M4 images for SDNC and CCSDKDan Timoney1-1/+1
Update image versions for SDNC and CCSDK to use Frankfurt M4 versions Updated CDS versions to use repaired version 0.7.1 Reverted naming service to El Alto version (0.6.3) as workaround while startup issue is investigated. Issue-ID: SDNC-1110 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Ie76466dd65a3a3dfb0df2aaa13f14c298bbc7c11
2020-04-02Bump chart versionSylvain Desbureaux25-27/+27
Use 6.0.0 in preparation for Frankfurt release Issue-ID: OOM-2320 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
2020-04-01[COMMON] More versatile templates for storageSylvain Desbureaux1-45/+199
1. Add the possibility to specify a suffix and a specific persistence information path. This is useful when a deployment has several PVC 2. Create a template for Volume Claim Templates in Statefulset Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I0ed47818e8f5a73b54f95cb82615adaa03bf8ce8
2020-04-01[SDC BE] Remove HTTP node port 30205gummar1-7/+12
Keep HTTP port reachable from inside the server. Issue-ID: OJSI-101 Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86 Signed-off-by: gummar <raj.gumma@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-31[COMMON] Allow to include filePaths as a reference to variableKrzysztof Opasiak1-1/+13
filePaths comes as a list and we didn't "fully support" passing this variable as a reference to other variable like we do in all other cases. Let's fix that and allow both constructs: secrets: - name: construct 1 type: generic filePaths: - file1 - file2 - name: construct 2 type: generic filePaths: '{{ .Values.fpaths }}' fpaths: | - file1 - file2 - '{{ include "templateThatGeneratesFileName" . }} Please note the | after : in fpaths. It means that from yaml point of view this is is a string. We need to do it this way because we pass this to tpl function and then we need to collect a proper list from it. Issue-ID: SO-2730 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5a6b475366bfea4cd0995a7e530bf88cb8ad639e
2020-03-26Merge "[COMMON] Handle generic secrets in secretFast"Krzysztof Opasiak1-1/+4
2020-03-26[COMMON] Handle generic secrets in secretFastSylvain Desbureaux1-1/+4
Generic secrets needs filePaths key in their dictionary which was not correctly handled by previous implementation of secretFast. Issue-ID: OOM-2051 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idc1062db5867bd23d580fbe59c90c0ce410151ce
2020-03-26[COMMON] Add annotations to resource metadata tplSylvain Desbureaux1-1/+4
Resource Metadata template can now have an optional "annotation" field in dict, which can be useful for post install job for example. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib25ce4e09a7a51a35cf878e1c1198370e6dd2b20
2020-03-25[COMMON] Optimize common secret templateKrzysztof Opasiak17-31/+263
It turned out that our current implementation of common secret template is really heavy which makes onap linitng extremely long. To improve the situation let's introduce some results caching instead of processing templates over and over. For now we cannot simply replace common secret template because in mariadb-init we generate list of secrets on the fly so we will need to revisit this fragment later. Whole series of patches managed to reduce ONAP linting time to 40 mins. Issue-ID: OOM-2051 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Id2e743147afa37290df19b73feee67621f13f67c
2020-03-18Enhancements for common templatesAlexander Dehn4-37/+329
_labels.tpl: - support of additional customized labels in common.labels, common.matchLabels, common.selectors common.templateMetadata - support of name suffix in common.resourceMetadata _name.tpl: - support of name suffix in common.name, common.fullname, common.fullnameExplicit _service.tpl - support of additional customized labels in common.serviceMetadata, common.*service - support of sessionAffinity in common.service New common template: _aafconfig - new common template to enable charts for AAF includes templates for init container, volumemounts, pvc and pv Issue-ID: SDNC-1088 Change-Id: Icbaa806608f9e1f36f0e47686668ae3632d3f2b0 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-10[COMMON] Allow special characters in postgress passwordsKrzysztof Opasiak3-3/+80
Postgres image that we are currently using uses sed to replace passwords placeholders with their actual values at startup time. This apprach is very fragile and leads to issues if & happens to be a part of password as it has a special meaning in sed. To fix this issue let's just extract the setup.sql file from the container and process it on our own in init container using envsubst and then mount it to the main container to be used. Issue-ID: OOM-2317 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ifd51d8f0af0099958caa209185fb7a87a0480bd2
2020-03-09Merge "[COMMON] Add a template for PV"Krzysztof Opasiak1-1/+55
2020-03-06[COMMON] Add a template for PVSylvain Desbureaux1-1/+55
Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia885d54fbb9a9fe1ea8a0dec311f63b11cc028c6
2020-03-06[COMMON] Allow to attach annotations to secretsKrzysztof Opasiak1-1/+8
SO adds some annotations to one of its secres so let's extend the common secret template with the ability to add annotations. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4c33d87724b2296852d62e2ddf9061ff4e235157
2020-03-06[COMMON] Handle TLS/Non-TLS for ServiceSylvain Desbureaux4-26/+728
Current service and headlessService templates doesn't handle the fact that out of cluster ports must be TLS encrypted only. With a new (backward compatible) DSL, this is now possible. In values.yaml, all ports in service part with port AND plain_port will have the ability to be HTTP or HTTPS depending on the context. Per default, they'll be HTTPS. TLS choice will be done according this table: | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | |-------------|-------------------|----------------------------|------------------------|--------| | not present | not present | not present | any | true | | not present | not present | false | any | true | | not present | not present | true | false | true | | not present | not present | true | true | false | | not present | true | any | any | true | | not present | false | any | any | false | | true | any | any | any | true | | false | any | any | any | false | Service template will create one or two service templates according to this table: | serviceType | both_tls_and_plain | result | |---------------|--------------------|--------------| | ClusterIP | any | one Service | | Not ClusterIP | not present | one Service | | Not ClusterIP | false | one Service | | Not ClusterIP | true | two Services | If two services are created, one is ClusterIP with both crypted and plain ports and the other one is NodePort (or LoadBalancer) with crypted port only. Issue-ID: OOM-1936 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5