summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2020-05-08[Tree-wide] Make chart build process predictibleKrzysztof Opasiak13-17/+16
ONAP is built using plain makefile rules. List of targets is generated using wildcard function. Based on make changelog: http://git.savannah.gnu.org/cgit/make.git/tree/NEWS since version 3.82 wildcard is not going to sort its results which means that charts are being processed in an arbitrary order which may lead to build failure due to missing dependencies. Since version 4.3 make started sorting the wildcard results once again which may lead to build issues. To avoid that and make our builds predictible independently from Makefile version let's make sure that we always sort wildcard results. Addinally let's use 'file://' instead of '@local' for charts in common to resolve dependencies between them. Issue-ID: OOM-2399 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Iacb02dcdbd577ce0e9ca1078dd0586d296ec9375
2020-05-07Merge "[AAF] v1.16+ compatible templates"Krzysztof Opasiak1-0/+14
2020-05-07Merge "[COMMON] Add new template for obtaining certificate"Sylvain Desbureaux6-0/+272
2020-05-06Use RC1 version of CCSDK artifactsDan Timoney1-1/+1
Update helm charts to use RC1 version of CCSDK dockers Issue-ID: CCSDK-2358 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Id247bdf3442084d724b84ed752956d08868c7ddf
2020-05-06[COMMON] Add new template for obtaining certificateKrzysztof Opasiak6-0/+272
Add new template that can be used to obtain certificate by component. Make also a PoC with NBI. Strongly based on aaf-config template. Issue-ID: AAF-1134 Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-05-05MUSIC spring boot helm charts (music-sb)Tschaen, Brendan31-1159/+725
Removal of tomcat and zookeeper as per latest music version.. Replaced with cassandra only and spring boot version of music, adding support for https and running the music container under a non-root user Update oof-has music-api configuration, use https Switch to music-api-springboot for all the ready.py Issue-ID: MUSIC-572 Signed-off-by: Tschaen, Brendan <ctschaen@att.com> Change-Id: Idbfac29cb5e9808787b5994e2575f055c292a146 Signed-off-by: vrvarma <vikas.varma@att.com>
2020-05-05[COMMON] add missing ingress templateSylvain Desbureaux1-0/+15
ingress template is needed to create ingress. Issue-ID: OOM-2173 Issue-ID: OOM-2188 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia957cb25f3f76658affabd148aaa4118b2d7ea0c
2020-05-04[AAF] v1.16+ compatible templatesSylvain Desbureaux1-0/+14
Use the different "common" templates in order to create consistent and v1.16+ compatible templates for the different resources of AAF Issue-ID: AAF-1122 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iefc1391211a69b6584ea127066ce430d4f5eb389
2020-05-04[COMMON|APPC|SDNC] add Ingress to dgbuilderSylvain Desbureaux1-0/+6
Add Ingress for dgbuilder in common and update SDNC and APPC in order to use proper configuration. Issue-ID: OOM-2173 Issue-ID: OOM-2188 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib810ce3f4b3ff2ff3297c39be352d246aef6d7f1
2020-04-30Merge "[COMMON] Switch dgbuilder chart to new API"Krzysztof Opasiak1-4/+2
2020-04-27[COMMON] Allow to use ' in mysql passwordsKrzysztof Opasiak3-1/+111
derivePassword which we use to generate our passwords includes ' in set of special characters that can be used in passwords. Current implementation of bitnami configure-mysql.sh simply concatenates password surrounded with '' rest of SQL query. This causes issues if password contains ' as it creates invalid SQL statement. To fix this issue we just patch the script and escape the special ' character in password. Issue-ID: OOM-2246 Reported-by: Mateusz Pilat <m.pilat@partner.samsung.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I3d2150760755e55558e2045cbb7ca5693c8ab71f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-04-24[COMMON] Switch dgbuilder chart to new APIKrzysztof Opasiak1-4/+2
While working on password removal we added a new configuration node (config.db) which should be used for passing db credentials. Now when all user are switched to use new config options we can remove backward compatibility layer and start using new options. Issue-ID: OOM-2247 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I77876fbfc0a4af18fa36f0e8c5813a5e393a7e09
2020-04-22Merge "[COMMON] templates for centralized logs"Krzysztof Opasiak1-0/+53
2020-04-22[COMMON] templates for centralized logsSylvain Desbureaux1-0/+53
Add three templates: * one for creating the sidecar * one for creating the configmap * one for creating the volumes Issue-ID: OOM-2370 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
2020-04-20Merge "[DMaaP DR Node] v1.16+ compatible templates"Krzysztof Opasiak1-0/+30
2020-04-20Merge "[COMMON] helm chart for elastic db"Krzysztof Opasiak36-4/+2255
2020-04-20[COMMON] helm chart for elastic dbAlexander Dehn36-4/+2255
Add elasticdb as common chart to oom Issue-ID: SDNC-1061 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-04-17Add repository for cassandra imageafenner1-1/+1
Change-Id: I287b830f86da0fe0adc440cf9e645f8d244aefe1 Issue-ID: OOM-2368 Signed-off-by: afenner <andrew.fenner@est.tech>
2020-04-16[DMaaP DR Node] v1.16+ compatible templatesSylvain Desbureaux1-0/+30
Use the different "common" templates in order to create consistent and v1.16+ compatible templates for the different resources of DMaaP DR Node. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I399b168882d09bd8f08148758a0f683e15ac141c
2020-04-15Merge "[COMMON] Remove hardcoded mariadb-galera password"Sylvain Desbureaux1-1/+1
2020-04-14[COMMON] Allow use of second Node Port PrefixSylvain Desbureaux1-1/+32
OOM uses two node port prefix. Templates were not able to use the second one. This patch allows templates to use the second node port prefix and also to override on a per chart basis the value of the node port prefix. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I05f43e3dad93d6f0fbf575657ea41082e7c91053
2020-04-14[COMMON] Remove hardcoded mariadb-galera passwordKrzysztof Opasiak1-1/+1
The time has come! All ONAP charts use now common secret template at least for the mariadb-galera root password (and most of them also for user part). This means that it should be now safe to remove hardcoded mariadb-galera root password and depend on common secret template to generate it for every deployment. No more secretpassword!:D Issue-ID: OOM-2342 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib9d8bbcc45bfd85a4d762c716c03dba23d901009
2020-04-03Merge "[COMMON] Faster aafConfig template"Krzysztof Opasiak1-123/+45
2020-04-03Merge "[COMMON] More versatile templates for storage"Krzysztof Opasiak1-45/+199
2020-04-03[COMMON] Faster aafConfig templateSylvain Desbureaux1-123/+45
"index" function is bad in term of performance in Helm. Reworked the templates in order to avoid it. as certificates are retrieved at every boot (and as already present certs are deleted before), we don't need persistent storage Also set aafImage as a global variable in order to have a consistent use accross ONAP Issue-ID: EXTAPI-375 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
2020-04-02Use released Frankfurt M4 images for SDNC and CCSDKDan Timoney1-1/+1
Update image versions for SDNC and CCSDK to use Frankfurt M4 versions Updated CDS versions to use repaired version 0.7.1 Reverted naming service to El Alto version (0.6.3) as workaround while startup issue is investigated. Issue-ID: SDNC-1110 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: Ie76466dd65a3a3dfb0df2aaa13f14c298bbc7c11
2020-04-02Bump chart versionSylvain Desbureaux25-27/+27
Use 6.0.0 in preparation for Frankfurt release Issue-ID: OOM-2320 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I8ad82dfdf48b56c38c0e85d640b18cc13c8d9e67
2020-04-01[COMMON] More versatile templates for storageSylvain Desbureaux1-45/+199
1. Add the possibility to specify a suffix and a specific persistence information path. This is useful when a deployment has several PVC 2. Create a template for Volume Claim Templates in Statefulset Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I0ed47818e8f5a73b54f95cb82615adaa03bf8ce8
2020-04-01[SDC BE] Remove HTTP node port 30205gummar1-7/+12
Keep HTTP port reachable from inside the server. Issue-ID: OJSI-101 Change-Id: I0468697d8f3d0192a5d8e102501db0d14633fa86 Signed-off-by: gummar <raj.gumma@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-31[COMMON] Allow to include filePaths as a reference to variableKrzysztof Opasiak1-1/+13
filePaths comes as a list and we didn't "fully support" passing this variable as a reference to other variable like we do in all other cases. Let's fix that and allow both constructs: secrets: - name: construct 1 type: generic filePaths: - file1 - file2 - name: construct 2 type: generic filePaths: '{{ .Values.fpaths }}' fpaths: | - file1 - file2 - '{{ include "templateThatGeneratesFileName" . }} Please note the | after : in fpaths. It means that from yaml point of view this is is a string. We need to do it this way because we pass this to tpl function and then we need to collect a proper list from it. Issue-ID: SO-2730 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I5a6b475366bfea4cd0995a7e530bf88cb8ad639e
2020-03-26Merge "[COMMON] Handle generic secrets in secretFast"Krzysztof Opasiak1-1/+4
2020-03-26[COMMON] Handle generic secrets in secretFastSylvain Desbureaux1-1/+4
Generic secrets needs filePaths key in their dictionary which was not correctly handled by previous implementation of secretFast. Issue-ID: OOM-2051 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Idc1062db5867bd23d580fbe59c90c0ce410151ce
2020-03-26[COMMON] Add annotations to resource metadata tplSylvain Desbureaux1-1/+4
Resource Metadata template can now have an optional "annotation" field in dict, which can be useful for post install job for example. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib25ce4e09a7a51a35cf878e1c1198370e6dd2b20
2020-03-25[COMMON] Optimize common secret templateKrzysztof Opasiak17-31/+263
It turned out that our current implementation of common secret template is really heavy which makes onap linitng extremely long. To improve the situation let's introduce some results caching instead of processing templates over and over. For now we cannot simply replace common secret template because in mariadb-init we generate list of secrets on the fly so we will need to revisit this fragment later. Whole series of patches managed to reduce ONAP linting time to 40 mins. Issue-ID: OOM-2051 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Id2e743147afa37290df19b73feee67621f13f67c
2020-03-18Enhancements for common templatesAlexander Dehn4-37/+329
_labels.tpl: - support of additional customized labels in common.labels, common.matchLabels, common.selectors common.templateMetadata - support of name suffix in common.resourceMetadata _name.tpl: - support of name suffix in common.name, common.fullname, common.fullnameExplicit _service.tpl - support of additional customized labels in common.serviceMetadata, common.*service - support of sessionAffinity in common.service New common template: _aafconfig - new common template to enable charts for AAF includes templates for init container, volumemounts, pvc and pv Issue-ID: SDNC-1088 Change-Id: Icbaa806608f9e1f36f0e47686668ae3632d3f2b0 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-10[COMMON] Allow special characters in postgress passwordsKrzysztof Opasiak3-3/+80
Postgres image that we are currently using uses sed to replace passwords placeholders with their actual values at startup time. This apprach is very fragile and leads to issues if & happens to be a part of password as it has a special meaning in sed. To fix this issue let's just extract the setup.sql file from the container and process it on our own in init container using envsubst and then mount it to the main container to be used. Issue-ID: OOM-2317 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ifd51d8f0af0099958caa209185fb7a87a0480bd2
2020-03-09Merge "[COMMON] Add a template for PV"Krzysztof Opasiak1-1/+55
2020-03-06[COMMON] Add a template for PVSylvain Desbureaux1-1/+55
Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia885d54fbb9a9fe1ea8a0dec311f63b11cc028c6
2020-03-06[COMMON] Allow to attach annotations to secretsKrzysztof Opasiak1-1/+8
SO adds some annotations to one of its secres so let's extend the common secret template with the ability to add annotations. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4c33d87724b2296852d62e2ddf9061ff4e235157
2020-03-06[COMMON] Handle TLS/Non-TLS for ServiceSylvain Desbureaux4-26/+728
Current service and headlessService templates doesn't handle the fact that out of cluster ports must be TLS encrypted only. With a new (backward compatible) DSL, this is now possible. In values.yaml, all ports in service part with port AND plain_port will have the ability to be HTTP or HTTPS depending on the context. Per default, they'll be HTTPS. TLS choice will be done according this table: | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | |-------------|-------------------|----------------------------|------------------------|--------| | not present | not present | not present | any | true | | not present | not present | false | any | true | | not present | not present | true | false | true | | not present | not present | true | true | false | | not present | true | any | any | true | | not present | false | any | any | false | | true | any | any | any | true | | false | any | any | any | false | Service template will create one or two service templates according to this table: | serviceType | both_tls_and_plain | result | |---------------|--------------------|--------------| | ClusterIP | any | one Service | | Not ClusterIP | not present | one Service | | Not ClusterIP | false | one Service | | Not ClusterIP | true | two Services | If two services are created, one is ClusterIP with both crypted and plain ports and the other one is NodePort (or LoadBalancer) with crypted port only. Issue-ID: OOM-1936 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
2020-02-27Merge "Cassandra 3 Upgrade"Krzysztof Opasiak1-1/+2
2020-02-26Merge "[COMMON] Allow to choose between nodePortPrefix and nodePortPrefixExt"Borislav Glozman1-1/+4
2020-02-26Cassandra 3 Upgradeshrek20001-1/+2
Move OOM to use SDC cassandra 3 Issue-ID: SDC-2595 Signed-off-by: shrek2000 <oren.kleks@amdocs.com> Change-Id: Ie58f3420cad70fbed7931656a98951e69a4b7b4b Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
2020-02-24[COMMON] Allow to choose between nodePortPrefix and nodePortPrefixExtKrzysztof Opasiak1-1/+4
Add the ability to specify whether a nodePortPrefix or nodePortPrefixExt should be used while defining a port using common service template. Now you can specify: ports: - name: http port: 9098 nodePort: "09" prefix: nodePortPrefixExt Issue-ID: OOM-1971 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ied78584e5b1c8f479ca180890df67ad4dee3501a
2020-02-22Drop support for postgres-legacy common chartKrzysztof Opasiak17-1456/+0
There is no need to maintain two postgres charts if all components can work with the newest version so let's remove the legacy one. Issue-ID: OOM-2310 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I8b399902e37fdec7e55552e7972daaf1c0c74cfe
2020-02-19[COMMON] Use common mariadb-galera instance in network-name-genKrzysztof Opasiak3-15/+39
Improve usage of common secret template by removing all hardcoded values and use common mariadb-galera instance. Issue-ID: OOM-2249 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia126a0b66d9e61c90114ff688cc52cc5fa4f5d58
2020-02-19Merge "[COMMON] Use common secret template in dgbuilder"Sylvain Desbureaux7-204/+119
2020-02-18[OOM] Bump postgresql versionSylvain Desbureaux1-1/+1
Use version 10.11 deployed by crunchydata scripts version 4.2.1. this will: * remove some CVEs (in particular CVE-2019-10164) * use UTF-8 as default encoding Issue-ID: OOM-2290 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f6ca18b48c435f55f5ffcb88e4f2dc83b758b84
2020-02-18[COMMON] Use common secret template in dgbuilderKrzysztof Opasiak7-204/+119
Taken into account how "easy" it would be to modify the dgbuilder which is written in JavaScript (which is not my mother tongue to say the least) let's try to remove hardcoded passwords from config files without modifying the application container itself. In order to achieve this: 1) Remove createReleaseDir.sh script from the container as it is never used and contains a ton of passwords 2) Replace all sensitive values in config files with references to respective environment variables 3) Introduce init container that will run envsubst command on config files and copy them from ConfigMap value to the new volume which is backed by tmpfs so that the plain text passwords are never written to the disk For now all the hardcoded values are still there to minimize the risk of breaking the deployment but step by step they will be removed in next commits. Issue-ID: OOM-2247 Change-Id: I5a428e3415713857084ba6aaa6be9b04a8eb8c0f Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-14[COMMON] fix primary PVC for postgres templateSylvain Desbureaux1-1/+0
The last line of the template rewrites PVC storage class and thus the behavior is not the expected one. This patch removes the faulty (and unecessary) line. Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076