aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common
AgeCommit message (Collapse)AuthorFilesLines
2020-02-02[COMMON] Make cassandra service mesh compliantSylvain Desbureaux1-0/+8
When service mesh is enabled, cassandra needs to listen to `127.0.0.1` instead of POD_IP but must broadcast using POD_IP. Change-Id: If96acd56a092a893f524a69ee83406c9cb70b3e7 Issue-ID: OOM-2252 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-01[COMMON] Don't create dummy mysql DB by default in a shared instanceKrzysztof Opasiak1-2/+2
When deploying a shared mariadb-galera instance using common chart a dummy database is created based on the default values n the chart. This is obviously unnecessary and creates an obviousl security issue. That's why let's make sure that when we deploy a shared mariadb instance no dummy databases are created. Issue-ID: OOM-2053 Change-Id: I1130cb8eb555b15a2d8b365102d69e32259233eb Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Allow to lint chart without master passwordKrzysztof Opasiak1-0/+3
When you type make in kubernetes directory all charts are linted. If one of them try to generate password whole linting process ends with an error because masterPassword has not been provided and there is no default value for it. To avoid this issue but still don't provide any default value whcih would be obviously insecure in this context, let's just test current release name. If it matches "testRelease" we treat whis as a special case and use predefined master key. Security implication: You should never, ever name your productional deployment "testRelease" nor use it as a master password. Issue-ID: OOM-2052 Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Make network-name-gen use common secrets templateKrzysztof Opasiak3-19/+15
For now we use it only for DB secret but in a future also other secrets should be replaced. Issue-ID: OOM-2249 Change-Id: Ie6515806c39c6a2cd94be378b5210156b78f4afb Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Provide convenience templates for mariadb secretsKrzysztof Opasiak5-8/+45
Usage of plain strings is very fragile especially when you try to change them. That's why instead of depending on strings let's just define a few convenience templates to be used in projects that use mariadb-galera chart. Issue-ID: OOM-2249 Change-Id: Ib867d34090b06a15ea3898a9524f5e3d04a656c0 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Expose common.secret.genName templateKrzysztof Opasiak1-9/+10
This template used to be for internal use only but it turned out to be very useful in number of places so let's just expose it. Issue-ID: OOM-2249 Change-Id: I57cd31681fb5edb4ac95b0b7b2446a364ce826d2 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Allow to generate fullname based on passed chart nameKrzysztof Opasiak1-1/+11
By default common.fullname uses .Chart.Name or .Values.nameOverride to generate a "full name" used in many places. In some cases it may be convenient to be able to generate this full name for a specific, well known chart name. Issue-ID: OOM-2249 Change-Id: I68034c1c5df81ae9533f5f4bc6fab58f2416623a Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Allow to search secret by uid even if name is OverriddenKrzysztof Opasiak1-3/+6
In some cases it is useful to bypass default policy for secret name generation and provide a custom name for a secret. In this case current search implementation got confused and couln't find a secret based on uid. This patch fixes the issue by comaring not only name but also uid. Issue-ID: OOM-2246 Change-Id: Iaea7a23fee09aa388968aad792ba7f7e1fbf2f21 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-02-01[COMMON] Use common secret template in mariadb-initKrzysztof Opasiak5-44/+54
Use common secret template for all passwords that are used inside this chart. Issue-ID: OOM-2248 Change-Id: Ia94b87a4d0316a3d334fd492521be5a255c14b4e Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-02-01[ONAP-wide] Replace .Release.Name with common.releaseKrzysztof Opasiak68-134/+134
ONAP is too big to be deployed using helm install so we need to use a custom helm plugin helm deploy. This script deloys onap component by component instead of deploying evrything at once. Unfortunately this script also modifies the helm release by appending component name to it. As a result of this behavior our objects are called for example: onap-mariadb-galera-mariadb-galera-0 instead of just being called onap-mariadb-galera-0. This patch simplifies this naming convention by replacing all direct usages of .Release.Name with common.release macro which strips the component specific part from the release name. Issue-ID: OOM-2275 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
2020-02-01Remove additional _helpers filesKrzysztof Opasiak1-32/+0
Helm by default creates some useful templates in _helpers.tpl file. This is fine for stand alone charts but when they become part of ONAP those helpers are no longer needed as our common components already provides all required functions Issue-ID: OOM-2278 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I659e4b45b031e87cc87f7bbbb22bf9e23cd74e61
2020-01-26Merge "[COMMON] Fix PV/PVC for postgres"Borislav Glozman4-0/+13
2020-01-23[COMMON] Fix PV/PVC for postgresSylvain Desbureaux4-0/+13
When creating https://gerrit.onap.org/r/c/oom/+/99478, forgot to backport storage class part of https://gerrit.onap.org/r/c/oom/+/98962. Issue-ID: OOM-2234 Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I3c42b28ad5bea67eda004b0209c8a21783b539f1
2020-01-22[COMMON] Add missing ! in db_init.sh scriptKrzysztof Opasiak1-2/+2
For some reason unknown to me I was stupid enough to forget to put ! in a front of variable name in the final vesion of script. Let's just quickly fix that so that not too many people notice;) Issue-ID: OOM-2248 Change-Id: I0b8891b94856b21f4b1fad1d6731c461bae2c1aa Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-01-21Merge "[COMMON] Improve mariadb-init job script"Sylvain Desbureaux2-17/+26
2020-01-20Merge "[COMMON] Use deployment for postgresql"Mike Elliott34-7/+1890
2020-01-13[COMMON] Improve mariadb-init job scriptKrzysztof Opasiak2-17/+26
Replace two sets of commands with a simple loop. Issue-ID: OOM-2248 Change-Id: I83a748cdad256e7206310d45a987530b4acc621b Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-12-21Use common secret template in mariadb-galeraKrzysztof Opasiak7-38/+31
Instead of defining the secret in some custom way let's use the common template (common.secret). To avoid some issues in ONAP components that depend on this chart let's do not remove for now the default username and password. We will do this when all services properly utylize secrets to store mariadb credentials. Issue-ID: OOM-2053 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I78e224299cccd9632192ee03a45cd077e6f0906f
2019-12-17[COMMON] Use deployment for postgresqlSylvain Desbureaux34-7/+1890
Instead of statefulset + inner work in the container, use deployments in order to be more reliable Change-Id: Icf4fe1303ae3489c822558e28bb08b69af2d4970 Issue-ID: OOM-2234 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-12-16Improve common secret templateKrzysztof Opasiak1-15/+248
Improve common secret template by adding: - ability to generate secrets if they are not provided - ability to fail the deployment if marked secret is not provided - support for using already existing secret instead of creating a new one Issue-ID: OOM-2053 Change-Id: Ic101f384f7c767702f646eb0e879ec80bf9a6334 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-12-16Add secret template to common templatesKajur, Harish (vk250x)1-0/+43
Separated from change: I65f9891f1d3586c0633b252a47b461c887d5b8ad to allow the template to be easily merged to master. Issue-ID: OOM-1971 Change-Id: I8dd4128bfa6e614ba5ddd084c45ca008e4da87ad Signed-off-by: Kajur, Harish (vk250x) <vk250x@att.com> [Separate from other changes, add license header, update commit message] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-12-11Merge "[Common] Use global storage templates for PVC"Borislav Glozman47-1656/+317
2019-12-06Merge "Vhosts support to the common ingress template"Sylvain Desbureaux1-7/+36
2019-12-05[Common] Use global storage templates for PVCSylvain Desbureaux47-1656/+317
OOM has now templates in order to create the needed PVC, using: * a PV with a specific class when using a common nfs mount path between nodes (sames as today use) --> is the default behavior today * or a storage class if we want to use dynamic PV. On this case, we use (in order of priority): - persistence.storageClassOverride if set on the chart - global.persistence.storageClass if set globally - persistence.storageClass if set on the chart I've also aligned the PV creation of the different charts. I've also aligned the PVC creation of the different charts. I've removed unused mysql chart and (badly) used nfs-provisioner chart. I've also make cassandra backup work with dynamic PV (but RWX only for now). Change-Id: I0ea3f8c7514ca648d94b6c682684c06b822bbe0a Issue-ID: OOM-2229 Issue-ID: OOM-2228 Issue-ID: OOM-2227 Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-12-04Merge "Add password generation template"Mike Elliott1-0/+62
2019-12-04Merge "[NBI] Use the common galera cluster of ONAP"Mike Elliott15-1/+932
2019-12-03Vhosts support to the common ingress templateLucjan Bryndza1-7/+36
Add virtual hosting support to the ingress common template Added support for global configuration path or virtual host based Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: I6b1a0c9cfd0eb5c90a090058d5db70f8ee33731e Issue-ID: OOM-2125 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2019-12-02[NBI] Use the common galera cluster of ONAPSylvain Desbureaux15-1/+932
Instead of having our "own" galera cluster, use the common one already proposed by OOM. If a local cluster is needed, you just need to set global.mariadbGalera.localCluster to True. Also create a common chart that create the needed values for the database. Change-Id: I9ad551b76a40732b4ab3fc34ba7cde6ca90fe432 Issue-ID: EXTAPI-348 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-11-21Add password generation templateKrzysztof Opasiak1-0/+62
Currently there is a number of hardcoded passwords in OOM helm charts that are reused for almost all ONAP deployments in different labs. One possible solution for this issue could be to generate a random password for every deployment but this may cause number of issues while doing helm upgrade. That's why instead of generating a random password we generate a password for particular use case, based on chart name, master password provided by the deployer and additional UID. This is done using derivePassword function so check its documentation for more details how this password is derived. From a user perspective, the most important fact is that he or she can achieve reproductible deployment. Every time when ONAP is deployed with the same masterPassword all derived passwords are going to be also the same. Issue-ID: OOM-2052 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I666d597e6daab8b79e630917ad75f17cc70f897b
2019-11-20Create templates for global storage useSylvain Desbureaux9-25/+181
Two helper functions are defined: - common.storageClass: will print the right storage class according to properties set or not: * if no storage class set --> use previous behavior (storage class named `common.fullname-data`. * if a "persistence.storageClassOverride" is set for this specific chart, we use it (if it's "-", we set to default one) * if a "global.persistence.storageClass" has been set (and no storageClassOverride for this chart), we use it (same specificity than storageClassOverride) * if a "persistence.storageClass) has been set (and no storageClassOverride nor global one), we use it (same specificity than storageClassOverride) - common.needPV: will print "True" if we need a PV (no storageClass and storageClassOverride being set). an implementation example with mariadb-galera is provided. Issue-ID: OOM-1500 Change-Id: I20a667e17b00c255c4b828e3c66f9c0df7c8755c Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-10-29[Music] Adjust Pods Requests/LimitsSylvain Desbureaux5-25/+48
I've adjusted the Requests / Limits of portal pods according to real usage of "Orange Openlab" and "Onap daily master". Calculation is the following: per deployment: * CPU/Mem requests is max of average from the two deployments * CPU/Mem limits is (max of max from the two deployments) * 1.2 Change-Id: I3fce54e6be495a7014bf346d66721976fa2dab8b Issue-ID: MUSIC-533 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-10-29Merge "Remove unused PVC from mariadb-galera chart"Borislav Glozman1-48/+0
2019-10-29Fixing missing apiVersion in etcd chartTomáš Levora1-1/+2
Missing apiVersion causes linting failure and therefore make common fails Issue-ID: OOM-2156 Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com> Change-Id: Idb0aeb998fc99cc8e409247c6b5e20d140297a3e
2019-10-28Remove unused PVC from mariadb-galera chartSylvain Desbureaux1-48/+0
Used PVC(s) are actually created in the statefulset Change-Id: I24f2c3ff0934178c9af06bfee60b4b6e35cfe953 Issue-ID: OOM-2155 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-10-04Increasing Max Heap size to 2GBAkansha Dua1-1/+1
Issue-ID: OOM-2059 Signed-off-by: Akansha Dua <akansha.dua@amdocs.com> Change-Id: I9b8db6ff689c0928ac497b523290e586c0f6f1f8
2019-09-27Update dgbuilder for httpsTimoney, Dan (dt5972)3-2/+14
Update dgbuilder to use latest release (0.6.3) with https support and update configuration to enable https Change-Id: Ia04a3cde6b0f18655301e25dcf125ffcdf1ec120 Issue-ID: OJSI-100 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
2019-09-23Update CCSDK/SDNC versions for RC0Timoney, Dan (dt5972)1-1/+1
Update CCSDK version to RCO (0.6.3) and update SDNC version to RC0 (1.7.3) Change-Id: I4af5684ecacd2cf8134a4db51684fb95b488d536 Issue-ID: SDNC-917 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
2019-09-13Update SDNC/CCSDK versions to 1.7.2/0.6.2Timoney, Dan (dt5972)1-1/+1
Update versions of CCSDK and SDNC dockers to 0.6.2 / 1.7.2 Change-Id: Ib8294b292122c924fcbe29a02806dffd5ce935ec Issue-ID: SDNC-905 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
2019-09-06Merge "backup charts for cassandra"Mike Elliott7-1/+668
2019-09-04backup charts for cassandraAkansha Dua7-1/+668
Issue-ID: OOM-2089 Signed-off-by: Akansha Dua <akansha.dua@amdocs.com> Change-Id: Ia1086deda37ba6e613afcc6bd064e7bf4ee692b9
2019-09-04Backup Charts for mariadb clusterAkansha Dua4-1/+334
Issue-ID: OOM-2088 Signed-off-by: Akansha Dua <akansha.dua@amdocs.com> Change-Id: Ie7f25c812984abc8631a86b2385dd14a365a8ea5
2019-09-02Merge "Move Storage access to RWO"Alexis de Talhouët1-1/+1
2019-09-02Merge "Fix syntax and indentation in ingress common template."Alexis de Talhouët1-6/+6
2019-09-02Merge "Move Storage access to RWO"Alexis de Talhouët1-1/+1
2019-08-31Update SDNC helm charts to use Neon versionTimoney, Dan (dt5972)1-1/+1
Update SDNC helm charts to use Neon-based El Alto images Change-Id: If91320bc663992355f665b3f57f77214e96985cd Issue-ID: SDNC-874 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
2019-08-29Move Storage access to RWOSylvain Desbureaux1-1/+1
Mariadb PVC are created in 1 to 1 mapping with galera replicas thus we don't need RWX. Change-Id: I438855b2d4b2f90932387e056c168b0a995975a5 Issue-ID: OOM-2081 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-08-29Move Storage access to RWOSylvain Desbureaux1-1/+1
Today when deploying NBI with OOM, the PersistentVolumeClaim needs the "ReadWriteMany" (or "RWX") capability. According to Kubernetes Documentation (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes), ReadWriteMany stands for "the volume can be mounted as read-write by many nodes". That means that a particular PVC needs to be read and written from many pods. That also means that your code takes that into account and do the work to avoid write at the same place at the same time. An issue on RWX mode is that most "official" storage driver from Kubernetes doesn't support it (13 over the 19 drivers doesn't support it, espacially OpenStack, Amazon and Google storage classes). MongoDb PVC is used only for one Mongo instance and it's the same for maria. Thus we don't need RWX Change-Id: I4d54cd7853778d8ba6c83551a211abe34d383382 Issue-ID: EXTAPI-305 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-08-29Fix syntax and indentation in ingress common template.Ondřej Šmalec1-6/+6
Issue-ID: OOM-2050 Signed-off-by: Ondřej Šmalec <o.smalec@partner.samsung.com> Change-Id: I7d54c4c8adc192d0c27249dde2fad4af2ed0a52a
2019-08-14Merge "Fix identation in the ingress common template"Borislav Glozman1-2/+2
2019-08-13Merge "Update SDNC/CDS image versions for El Alto early drop"Alexis de Talhouët1-1/+1