From 9e98004ff314ad43fc50a598172f27091a86a1d3 Mon Sep 17 00:00:00 2001
From: Milan Verespej
Date: Tue, 26 Feb 2019 13:06:56 +0100
Subject: Rename casablanca patch file

Since there is no difference in patching between 3.0.0 and 3.0.1 release there name of patchfile that includes this tag is unnecessary and confusing.

Issue-ID: OOM-1687
Change-Id: I751398f15c38dab83e36ed0b8f555533497291f8
Signed-off-by: Milan Verespej
---
 patches/casablanca.patch | 428 +++++++++++++++++++++++++++++++++++++++++
 patches/casablanca_3.0.0.patch | 428 -----------------------------------------
 2 files changed, 428 insertions(+), 428 deletions(-)
 create mode 100644 patches/casablanca.patch
 delete mode 100644 patches/casablanca_3.0.0.patch

(limited to 'patches')

diff --git a/patches/casablanca.patch b/patches/casablanca.patch
new file mode 100644
index 00000000..e0ea0ec5
--- /dev/null
+++ b/patches/casablanca.patch
@@ -0,0 +1,428 @@ +From 10656e7f8089e3c3a718a947fd10b1a728eeb8c6 Mon Sep 17 00:00:00 2001 +From: Milan Verespej +Date: Wed, 6 Feb 2019 10:24:09 +0100 +Subject: [PATCH] Casablanca 3.0.0 offline patch + +--- + .../templates/deployment.yaml | 12 ++- + .../common/common/templates/_cacert.tpl | 80 +++++++++++++++++++ + .../dgbuilder/templates/deployment.yaml | 10 ++- + .../templates/deployment.yaml | 7 ++ + kubernetes/onap/templates/configmap.yaml | 33 ++++++++ + .../charts/brmsgw/templates/deployment.yaml | 5 ++ + .../charts/drools/templates/statefulset.yaml | 8 ++ + .../charts/pdp/templates/statefulset.yaml | 5 ++ + .../policy-common/templates/_keystore.tpl | 61 ++++++++++++++ + .../templates/deployment.yaml | 12 ++- + .../sdnc-portal/templates/deployment.yaml | 9 ++- + 11 files changed, 234 insertions(+), 8 deletions(-) + create mode 100644 kubernetes/common/common/templates/_cacert.tpl + create mode 100644 kubernetes/onap/templates/configmap.yaml + create mode 100644 kubernetes/policy/charts/policy-common/templates/_keystore.tpl + +diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml b/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml +index a7daa051..b7cdd9e6 100644 +--- a/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml ++++ b/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml +@@ -47,8 +47,16 @@ spec: + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} +- command: ["/bin/bash"] +- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"] ++ command: ++ - /bin/bash ++ - -c ++ - > ++ pip install -i http://nexus3.onap.org/repository/pypi-private/simple/ ++ --trusted-host nexus3.onap.org ++ PyMySQL cherrypy requests; ++ curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list; ++ apt-get update; ++ cd /opt/onap/ccsdk && ./startAnsibleServer.sh + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: +diff --git a/kubernetes/common/common/templates/_cacert.tpl b/kubernetes/common/common/templates/_cacert.tpl +new file mode 100644 +index 00000000..4fb80964 +--- /dev/null ++++ b/kubernetes/common/common/templates/_cacert.tpl +@@ -0,0 +1,80 @@ ++# COPYRIGHT NOTICE STARTS HERE ++# ++# Copyright 2018 © Samsung Electronics Co., Ltd. ++# ++# Licensed under the Apache License, Version 2.0 (the "License"); ++# you may not use this file except in compliance with the License. ++# You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++# ++# COPYRIGHT NOTICE ENDS HERE ++ ++#This template adds volume for access to ca certificate. ++#Template is ignored when cacert not set. ++{{- define "common.cacert-volume" }} ++{{- if .Values.global.cacert }} ++- name: cacert ++ configMap: ++ name: {{ include "common.namespace" . }}-root-ca-cert ++{{- end }} ++{{- end }} ++ ++#This template mounts the CA certificate in an ubuntu compatible way. ++#It is mounted to /usr/local/share/ca-certificates/cacert.crt. ++#Template is ignored if cacert not set. ++{{- define "common.cacert-mount-ubuntu" }} ++{{- if .Values.global.cacert }} ++- mountPath: "/usr/local/share/ca-certificates/cacert.crt" ++ name: cacert ++ subPath: certificate ++{{- end }} ++{{- end }} ++ ++#This template creates an empty volume used to store system certificates (includes java keystore). 
++{{- define "common.system-ca-store-volume" }} ++{{- if .Values.global.cacert }} ++- name: system-ca-store ++ emptyDir: ++{{- end }} ++{{- end }} ++ ++#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific). ++#Template is ignored in case cacert is not given. ++{{- define "common.system-ca-store-mount-ubuntu" }} ++{{- if .Values.global.cacert }} ++- mountPath: "/etc/ssl/certs" ++ name: system-ca-store ++{{- end }} ++{{- end }} ++ ++#This template is a template for an init container. ++#This init container can be declared to update system's ca store for ubuntu containers. ++#It runs as root using the same image as the main one. ++#It expects /etc/ssl/certs to be mounted as a volume. ++#It has to be shared with the main container. ++#This template is ignored if cacert is not given as helm value. ++{{- define "common.update-system-ca-store-ubuntu" }} ++{{- if .Values.global.cacert }} ++- command: ++ - "/bin/bash" ++ - "-c" ++ - | ++ mkdir -p /etc/ssl/certs/java ++ update-ca-certificates ++ name: update-system-ca-store ++ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ++ image: {{ include "common.repository" . }}/{{ .Values.image }} ++ securityContext: ++ runAsUser: 0 ++ volumeMounts: ++{{ include "common.cacert-mount-ubuntu" . | indent 2 }} ++{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }} ++{{- end }} ++{{- end }} +diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml +index 353c2314..2cb02d62 100644 +--- a/kubernetes/common/dgbuilder/templates/deployment.yaml ++++ b/kubernetes/common/dgbuilder/templates/deployment.yaml +@@ -49,8 +49,14 @@ spec: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +- command: ["/bin/bash"] +- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] ++ command: ++ - /bin/bash ++ - -c ++ - > ++ HOSTS_FILE_RECORD >> /etc/hosts; ++ NPM_REGISTRY_RECORD; ++ cd /opt/onap/ccsdk/dgbuilder/; ++ ./start.sh sdnc1.0 && wait + ports: + - containerPort: {{ .Values.service.internalPort }} + readinessProbe: +diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml +index 79bd8962..8e807a9b 100644 +--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml ++++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml +@@ -70,6 +70,8 @@ spec: + - mountPath: /etc/localtime + name: localtime + readOnly: true ++ - mountPath: /etc/pki/ca-trust/source/anchors ++ name: root-ca + securityContext: + privileged: True + lifecycle: +@@ -82,6 +84,8 @@ spec: + set -ex + mkdir -p /var/run/secrets/kubernetes.io/ + ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount ++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice ++ update-ca-trust extract + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: +@@ -95,5 +99,8 @@ spec: + - name: localtime + hostPath: + path: /etc/localtime ++ - name: root-ca ++ hostPath: ++ path: /etc/pki/ca-trust/source/anchors + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +diff --git a/kubernetes/onap/templates/configmap.yaml b/kubernetes/onap/templates/configmap.yaml +new file mode 100644 +index 00000000..b1804a36 +--- /dev/null ++++ b/kubernetes/onap/templates/configmap.yaml +@@ -0,0 +1,33 @@ ++# COPYRIGHT NOTICE STARTS HERE ++# ++# Copyright 2018 © Samsung Electronics Co., Ltd. 
++# ++# Licensed under the Apache License, Version 2.0 (the "License"); ++# you may not use this file except in compliance with the License. ++# You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++# ++# COPYRIGHT NOTICE ENDS HERE ++ ++{{ if .Values.global.cacert -}} ++apiVersion: v1 ++kind: ConfigMap ++metadata: ++ name: {{ include "common.namespace" . }}-root-ca-cert ++ namespace: {{ include "common.namespace" . }} ++ labels: ++ app: {{ include "common.name" . }} ++ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} ++ release: {{ .Release.Name }} ++ heritage: {{ .Release.Service }} ++data: ++ certificate: | ++{{ .Values.global.cacert | indent 4 }} ++{{- end }} +diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +index 7535d541..bbd63c13 100644 +--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml ++++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +@@ -46,6 +46,7 @@ spec: + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness ++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} + containers: + - command: + - /bin/bash +@@ -69,6 +70,8 @@ spec: + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: ++{{ include "common.cacert-mount-ubuntu" . | indent 8 }} ++{{ include "common.system-ca-store-mount-ubuntu" . 
| indent 8 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true +@@ -95,6 +98,8 @@ spec: + {{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: ++{{ include "common.cacert-volume" . | indent 8 }} ++{{ include "common.system-ca-store-volume" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime +diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml +index 6564e798..53c8b600 100644 +--- a/kubernetes/policy/charts/drools/templates/statefulset.yaml ++++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml +@@ -52,6 +52,8 @@ spec: + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness ++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} ++{{ include "policy.update-policy-keystore" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" +@@ -79,6 +81,9 @@ spec: + - name: REPLICAS + value: "{{ .Values.replicaCount }}" + volumeMounts: ++{{ include "common.cacert-mount-ubuntu" . | indent 10 }} ++{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }} ++{{ include "policy.keystore-mount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true +@@ -137,6 +142,9 @@ spec: + {{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: ++{{ include "common.cacert-volume" . | indent 8 }} ++{{ include "common.system-ca-store-volume" . | indent 8 }} ++{{ include "policy.keystore-storage-volume" . 
| indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime +diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml +index a3a8f6a9..4ae0ead5 100644 +--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml ++++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml +@@ -50,6 +50,7 @@ spec: + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness ++{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} + containers: + - command: + - /bin/bash +@@ -75,6 +76,8 @@ spec: + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: ++{{ include "common.cacert-mount-ubuntu" . | indent 8 }} ++{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true +@@ -114,6 +117,8 @@ spec: + - mountPath: /usr/share/filebeat/data + name: policy-data-filebeat + volumes: ++{{ include "common.cacert-volume" . | indent 6 }} ++{{ include "common.system-ca-store-volume" . | indent 6 }} + - name: localtime + hostPath: + path: /etc/localtime +diff --git a/kubernetes/policy/charts/policy-common/templates/_keystore.tpl b/kubernetes/policy/charts/policy-common/templates/_keystore.tpl +new file mode 100644 +index 00000000..81ba09bc +--- /dev/null ++++ b/kubernetes/policy/charts/policy-common/templates/_keystore.tpl +@@ -0,0 +1,61 @@ ++# COPYRIGHT NOTICE STARTS HERE ++# ++# Copyright 2018 © Samsung Electronics Co., Ltd. ++# ++# Licensed under the Apache License, Version 2.0 (the "License"); ++# you may not use this file except in compliance with the License. 
++# You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++# ++# COPYRIGHT NOTICE ENDS HERE ++ ++#This template creates a volume for storing policy-keystore with imported ca. ++#It is ignored if cacert was not given. ++{{- define "policy.keystore-storage-volume" }} ++{{- if .Values.global.cacert }} ++- name: keystore-storage ++ emptyDir: ++{{- end }} ++{{- end }} ++ ++#This template mounts policy-keystore in appropriate place for policy components to take it. ++#It is ignored if cacert is not given. ++{{- define "policy.keystore-mount" }} ++{{- if .Values.global.cacert }} ++- mountPath: "/tmp/policy-install/config/policy-keystore" ++ name: keystore-storage ++ subPath: policy-keystore ++{{- end }} ++{{- end }} ++ ++#This will extract a policy keystore and then import ++#the root cacert of offline nexus into it. ++#This template expects a volume named keystore-storage where policy-keystore will be put. ++#It also expects volume named cacert where the file "certificate" will contain the cert to import. ++#Template is ignored if ca certificate not given. ++{{- define "policy.update-policy-keystore" }} ++{{- if .Values.global.cacert }} ++- command: ++ - "/bin/bash" ++ - "-c" ++ - | ++ set -e ++ tar -xzf base-*.tar.gz etc/ssl/policy-keystore ++ cp etc/ssl/policy-keystore keystore-storage/ ++ keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt ++ name: update-policy-keystore ++ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ++ image: {{ include "common.repository" . 
}}/{{ .Values.image }} ++ volumeMounts: ++ - mountPath: "/tmp/policy-install/keystore-storage" ++ name: keystore-storage ++{{ include "common.cacert-mount-ubuntu" . | indent 2 }} ++{{- end }} ++{{- end }} +diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml +index 1f14dd31..18b579dd 100644 +--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml ++++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml +@@ -47,8 +47,16 @@ spec: + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} +- command: ["/bin/bash"] +- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"] ++ command: ++ - /bin/bash ++ - -c ++ - > ++ pip install -i http://nexus3.onap.org/repository/pypi-private/simple/ ++ --trusted-host nexus3.onap.org ++ PyMySQL cherrypy requests; ++ curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list; ++ apt-get update; ++ cd /opt/onap/ccsdk && ./startAnsibleServer.sh + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: +diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +index 35dffee5..18dd7cd4 100644 +--- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml ++++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +@@ -49,8 +49,13 @@ spec: + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} +- command: ["/bin/bash"] +- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"] ++ command: ++ - /bin/bash ++ - -c ++ - > ++ HOSTS_FILE_RECORD >> /etc/hosts; ++ NPM_REGISTRY_RECORD; ++ cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: +-- +2.20.1 + diff --git a/patches/casablanca_3.0.0.patch b/patches/casablanca_3.0.0.patch deleted file mode 100644 index e0ea0ec5..00000000 --- a/patches/casablanca_3.0.0.patch +++ /dev/null 
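Review bot: The appc-ansible-server and sdnc-ansible-server deployment.yaml hunks inside this patch file install Python packages at every container start from a plain `http://` index with `--trusted-host nexus3.onap.org`, so the packages are fetched without transport authentication, and the following `curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list` has the same property. The content is carried over unchanged by the rename, but since the same patch already adds the `common.cacert-volume` and `common.cacert-mount-ubuntu` templates, these two containers could mount the CA and use `pip install -i https://nexus3.onap.org/repository/pypi-private/simple/ --cert /usr/local/share/ca-certificates/cacert.crt PyMySQL cherrypy requests` instead, assuming the offline Nexus serves that index over TLS. The steps are joined with `;`, so a failed `curl` leaves an empty `/etc/apt/sources.list` and the server still starts; joining them with `&&` (or starting the script with `set -e`) would make the failure visible. Both container specs continue outside the inner hunks shown.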
@@ -1,428 +0,0 @@ -From 10656e7f8089e3c3a718a947fd10b1a728eeb8c6 Mon Sep 17 00:00:00 2001 -From: Milan Verespej -Date: Wed, 6 Feb 2019 10:24:09 +0100 -Subject: [PATCH] Casablanca 3.0.0 offline patch - ---- - .../templates/deployment.yaml | 12 ++- - .../common/common/templates/_cacert.tpl | 80 +++++++++++++++++++ - .../dgbuilder/templates/deployment.yaml | 10 ++- - .../templates/deployment.yaml | 7 ++ - kubernetes/onap/templates/configmap.yaml | 33 ++++++++ - .../charts/brmsgw/templates/deployment.yaml | 5 ++ - .../charts/drools/templates/statefulset.yaml | 8 ++ - .../charts/pdp/templates/statefulset.yaml | 5 ++ - .../policy-common/templates/_keystore.tpl | 61 ++++++++++++++ - .../templates/deployment.yaml | 12 ++- - .../sdnc-portal/templates/deployment.yaml | 9 ++- - 11 files changed, 234 insertions(+), 8 deletions(-) - create mode 100644 kubernetes/common/common/templates/_cacert.tpl - create mode 100644 kubernetes/onap/templates/configmap.yaml - create mode 100644 kubernetes/policy/charts/policy-common/templates/_keystore.tpl - -diff --git a/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml b/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml -index a7daa051..b7cdd9e6 100644 ---- a/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml -+++ b/kubernetes/appc/charts/appc-ansible-server/templates/deployment.yaml -@@ -47,8 +47,16 @@ spec: - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"] -+ command: -+ - /bin/bash -+ - -c -+ - > -+ pip install -i http://nexus3.onap.org/repository/pypi-private/simple/ -+ --trusted-host nexus3.onap.org -+ PyMySQL cherrypy requests; -+ curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list; -+ apt-get update; -+ cd /opt/onap/ccsdk && ./startAnsibleServer.sh - image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: -diff --git a/kubernetes/common/common/templates/_cacert.tpl b/kubernetes/common/common/templates/_cacert.tpl -new file mode 100644 -index 00000000..4fb80964 ---- /dev/null -+++ b/kubernetes/common/common/templates/_cacert.tpl -@@ -0,0 +1,80 @@ -+# COPYRIGHT NOTICE STARTS HERE -+# -+# Copyright 2018 © Samsung Electronics Co., Ltd. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+# -+# COPYRIGHT NOTICE ENDS HERE -+ -+#This template adds volume for access to ca certificate. -+#Template is ignored when cacert not set. -+{{- define "common.cacert-volume" }} -+{{- if .Values.global.cacert }} -+- name: cacert -+ configMap: -+ name: {{ include "common.namespace" . }}-root-ca-cert -+{{- end }} -+{{- end }} -+ -+#This template mounts the CA certificate in an ubuntu compatible way. -+#It is mounted to /usr/local/share/ca-certificates/cacert.crt. -+#Template is ignored if cacert not set. -+{{- define "common.cacert-mount-ubuntu" }} -+{{- if .Values.global.cacert }} -+- mountPath: "/usr/local/share/ca-certificates/cacert.crt" -+ name: cacert -+ subPath: certificate -+{{- end }} -+{{- end }} -+ -+#This template creates an empty volume used to store system certificates (includes java keystore). 
-+{{- define "common.system-ca-store-volume" }} -+{{- if .Values.global.cacert }} -+- name: system-ca-store -+ emptyDir: -+{{- end }} -+{{- end }} -+ -+#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific). -+#Template is ignored in case cacert is not given. -+{{- define "common.system-ca-store-mount-ubuntu" }} -+{{- if .Values.global.cacert }} -+- mountPath: "/etc/ssl/certs" -+ name: system-ca-store -+{{- end }} -+{{- end }} -+ -+#This template is a template for an init container. -+#This init container can be declared to update system's ca store for ubuntu containers. -+#It runs as root using the same image as the main one. -+#It expects /etc/ssl/certs to be mounted as a volume. -+#It has to be shared with the main container. -+#This template is ignored if cacert is not given as helm value. -+{{- define "common.update-system-ca-store-ubuntu" }} -+{{- if .Values.global.cacert }} -+- command: -+ - "/bin/bash" -+ - "-c" -+ - | -+ mkdir -p /etc/ssl/certs/java -+ update-ca-certificates -+ name: update-system-ca-store -+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -+ image: {{ include "common.repository" . }}/{{ .Values.image }} -+ securityContext: -+ runAsUser: 0 -+ volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 2 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }} -+{{- end }} -+{{- end }} -diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml -index 353c2314..2cb02d62 100644 ---- a/kubernetes/common/dgbuilder/templates/deployment.yaml -+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml -@@ -49,8 +49,14 @@ spec: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] -+ command: -+ - /bin/bash -+ - -c -+ - > -+ HOSTS_FILE_RECORD >> /etc/hosts; -+ NPM_REGISTRY_RECORD; -+ cd /opt/onap/ccsdk/dgbuilder/; -+ ./start.sh sdnc1.0 && wait - ports: - - containerPort: {{ .Values.service.internalPort }} - readinessProbe: -diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml -index 79bd8962..8e807a9b 100644 ---- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml -+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml -@@ -70,6 +70,8 @@ spec: - - mountPath: /etc/localtime - name: localtime - readOnly: true -+ - mountPath: /etc/pki/ca-trust/source/anchors -+ name: root-ca - securityContext: - privileged: True - lifecycle: -@@ -82,6 +84,8 @@ spec: - set -ex - mkdir -p /var/run/secrets/kubernetes.io/ - ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount -+ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice -+ update-ca-trust extract - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: -@@ -95,5 +99,8 @@ spec: - - name: localtime - hostPath: - path: /etc/localtime -+ - name: root-ca -+ hostPath: -+ path: /etc/pki/ca-trust/source/anchors - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -diff --git a/kubernetes/onap/templates/configmap.yaml b/kubernetes/onap/templates/configmap.yaml -new file mode 100644 -index 00000000..b1804a36 ---- /dev/null -+++ b/kubernetes/onap/templates/configmap.yaml -@@ -0,0 +1,33 @@ -+# COPYRIGHT NOTICE STARTS HERE -+# -+# Copyright 2018 © Samsung Electronics Co., Ltd. 
-+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. -+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+# -+# COPYRIGHT NOTICE ENDS HERE -+ -+{{ if .Values.global.cacert -}} -+apiVersion: v1 -+kind: ConfigMap -+metadata: -+ name: {{ include "common.namespace" . }}-root-ca-cert -+ namespace: {{ include "common.namespace" . }} -+ labels: -+ app: {{ include "common.name" . }} -+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -+ release: {{ .Release.Name }} -+ heritage: {{ .Release.Service }} -+data: -+ certificate: | -+{{ .Values.global.cacert | indent 4 }} -+{{- end }} -diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml -index 7535d541..bbd63c13 100644 ---- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml -+++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml -@@ -46,6 +46,7 @@ spec: - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} - containers: - - command: - - /bin/bash -@@ -69,6 +70,8 @@ spec: - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 8 }} -+{{ include "common.system-ca-store-mount-ubuntu" . 
| indent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -95,6 +98,8 @@ spec: - {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: -+{{ include "common.cacert-volume" . | indent 8 }} -+{{ include "common.system-ca-store-volume" . | indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime -diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml -index 6564e798..53c8b600 100644 ---- a/kubernetes/policy/charts/drools/templates/statefulset.yaml -+++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml -@@ -52,6 +52,8 @@ spec: - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} -+{{ include "policy.update-policy-keystore" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" -@@ -79,6 +81,9 @@ spec: - - name: REPLICAS - value: "{{ .Values.replicaCount }}" - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 10 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }} -+{{ include "policy.keystore-mount" . | indent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -137,6 +142,9 @@ spec: - {{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: -+{{ include "common.cacert-volume" . | indent 8 }} -+{{ include "common.system-ca-store-volume" . | indent 8 }} -+{{ include "policy.keystore-storage-volume" . 
| indent 8 }} - - name: localtime - hostPath: - path: /etc/localtime -diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml -index a3a8f6a9..4ae0ead5 100644 ---- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml -+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml -@@ -50,6 +50,7 @@ spec: - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }} - containers: - - command: - - /bin/bash -@@ -75,6 +76,8 @@ spec: - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: -+{{ include "common.cacert-mount-ubuntu" . | indent 8 }} -+{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true -@@ -114,6 +117,8 @@ spec: - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: -+{{ include "common.cacert-volume" . | indent 6 }} -+{{ include "common.system-ca-store-volume" . | indent 6 }} - - name: localtime - hostPath: - path: /etc/localtime -diff --git a/kubernetes/policy/charts/policy-common/templates/_keystore.tpl b/kubernetes/policy/charts/policy-common/templates/_keystore.tpl -new file mode 100644 -index 00000000..81ba09bc ---- /dev/null -+++ b/kubernetes/policy/charts/policy-common/templates/_keystore.tpl -@@ -0,0 +1,61 @@ -+# COPYRIGHT NOTICE STARTS HERE -+# -+# Copyright 2018 © Samsung Electronics Co., Ltd. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. 
-+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+# -+# COPYRIGHT NOTICE ENDS HERE -+ -+#This template creates a volume for storing policy-keystore with imported ca. -+#It is ignored if cacert was not given. -+{{- define "policy.keystore-storage-volume" }} -+{{- if .Values.global.cacert }} -+- name: keystore-storage -+ emptyDir: -+{{- end }} -+{{- end }} -+ -+#This template mounts policy-keystore in appropriate place for policy components to take it. -+#It is ignored if cacert is not given. -+{{- define "policy.keystore-mount" }} -+{{- if .Values.global.cacert }} -+- mountPath: "/tmp/policy-install/config/policy-keystore" -+ name: keystore-storage -+ subPath: policy-keystore -+{{- end }} -+{{- end }} -+ -+#This will extract a policy keystore and then import -+#the root cacert of offline nexus into it. -+#This template expects a volume named keystore-storage where policy-keystore will be put. -+#It also expects volume named cacert where the file "certificate" will contain the cert to import. -+#Template is ignored if ca certificate not given. -+{{- define "policy.update-policy-keystore" }} -+{{- if .Values.global.cacert }} -+- command: -+ - "/bin/bash" -+ - "-c" -+ - | -+ set -e -+ tar -xzf base-*.tar.gz etc/ssl/policy-keystore -+ cp etc/ssl/policy-keystore keystore-storage/ -+ keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt -+ name: update-policy-keystore -+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -+ image: {{ include "common.repository" . 
}}/{{ .Values.image }} -+ volumeMounts: -+ - mountPath: "/tmp/policy-install/keystore-storage" -+ name: keystore-storage -+{{ include "common.cacert-mount-ubuntu" . | indent 2 }} -+{{- end }} -+{{- end }} -diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml -index 1f14dd31..18b579dd 100644 ---- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml -+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml -@@ -47,8 +47,16 @@ spec: - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"] -+ command: -+ - /bin/bash -+ - -c -+ - > -+ pip install -i http://nexus3.onap.org/repository/pypi-private/simple/ -+ --trusted-host nexus3.onap.org -+ PyMySQL cherrypy requests; -+ curl -s repo.infra-server/ubuntu/xenial/onap.list > /etc/apt/sources.list; -+ apt-get update; -+ cd /opt/onap/ccsdk && ./startAnsibleServer.sh - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: -diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml -index 35dffee5..18dd7cd4 100644 ---- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml -+++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml -@@ -49,8 +49,13 @@ spec: - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} -- command: ["/bin/bash"] -- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"] -+ command: -+ - /bin/bash -+ - -c -+ - > -+ HOSTS_FILE_RECORD >> /etc/hosts; -+ NPM_REGISTRY_RECORD; -+ cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh - image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: --- -2.20.1 - -- cgit 1.2.3-korg