From 0dfa387b0e86d79822335ffeb652d81ca8b60564 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Sat, 21 Nov 2020 21:29:17 +0100 Subject: [AAF] Uses new tpls for repos / images This commit makes aaf chart to use the new generator for repositories and images. As new templates doesn't work well with "sub charts", we move also subcharts to components folder. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux Change-Id: Idcb67c5c96438efd7cee4b0fa3238d5762339b3e --- .../aaf/components/aaf-cass/requirements.yaml | 5 +- .../components/aaf-cass/templates/deployment.yaml | 4 +- kubernetes/aaf/components/aaf-cass/values.yaml | 12 -- kubernetes/aaf/components/aaf-cm/requirements.yaml | 5 +- kubernetes/aaf/components/aaf-cm/values.yaml | 13 +-- kubernetes/aaf/components/aaf-fs/requirements.yaml | 7 +- kubernetes/aaf/components/aaf-fs/values.yaml | 13 +-- .../aaf/components/aaf-gui/requirements.yaml | 5 +- kubernetes/aaf/components/aaf-gui/values.yaml | 13 +-- .../aaf/components/aaf-hello/requirements.yaml | 5 +- .../components/aaf-hello/templates/deployment.yaml | 2 +- .../aaf/components/aaf-locate/requirements.yaml | 5 +- kubernetes/aaf/components/aaf-locate/values.yaml | 13 +-- .../aaf/components/aaf-oauth/requirements.yaml | 5 +- kubernetes/aaf/components/aaf-oauth/values.yaml | 13 +-- .../aaf/components/aaf-service/requirements.yaml | 5 +- kubernetes/aaf/components/aaf-service/values.yaml | 13 +-- kubernetes/aaf/components/aaf-sms/Makefile | 51 ++++++++ .../aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml | 18 --- .../resources/config/config.json | 7 -- .../aaf-sms-quorumclient/templates/configmap.yaml | 28 ----- .../charts/aaf-sms-quorumclient/templates/pv.yaml | 45 ------- .../templates/statefulset.yaml | 112 ------------------ .../charts/aaf-sms-quorumclient/values.yaml | 71 ----------- .../aaf-sms/charts/aaf-sms-vault/Chart.yaml | 19 --- .../charts/aaf-sms-vault/templates/configmap.yaml | 43 ------- .../aaf-sms/charts/aaf-sms-vault/templates/pv.yaml | 45 ------- .../charts/aaf-sms-vault/templates/service.yaml | 41 ------- .../aaf-sms-vault/templates/statefulset.yaml | 120 ------------------- .../aaf-sms/charts/aaf-sms-vault/values.yaml | 111 ------------------ .../aaf/components/aaf-sms/components/Makefile | 51 ++++++++ .../components/aaf-sms-quorumclient/Chart.yaml | 18 +++ .../aaf-sms-quorumclient/requirements.yaml | 21 ++++ .../resources/config/config.json | 7 ++ .../aaf-sms-quorumclient/templates/configmap.yaml | 28 +++++ .../aaf-sms-quorumclient/templates/pv.yaml | 45 +++++++ .../templates/statefulset.yaml | 112 ++++++++++++++++++ .../components/aaf-sms-quorumclient/values.yaml | 73 ++++++++++++ .../aaf-sms/components/aaf-sms-vault/Chart.yaml | 19 +++ .../components/aaf-sms-vault/requirements.yaml | 21 ++++ .../aaf-sms-vault/templates/configmap.yaml | 43 +++++++ .../components/aaf-sms-vault/templates/pv.yaml | 45 +++++++ .../aaf-sms-vault/templates/service.yaml | 41 +++++++ .../aaf-sms-vault/templates/statefulset.yaml | 120 +++++++++++++++++++ .../aaf-sms/components/aaf-sms-vault/values.yaml | 110 +++++++++++++++++ .../aaf/components/aaf-sms/requirements.yaml | 11 +- .../components/aaf-sms/templates/deployment.yaml | 8 +- .../aaf/components/aaf-sms/templates/job.yaml | 6 +- kubernetes/aaf/components/aaf-sms/values.yaml | 4 - kubernetes/aaf/components/aaf-sshsm/Makefile | 51 ++++++++ .../aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml | 18 --- .../aaf-sshsm-abrmd/templates/configmap.yaml | 25 ---- .../aaf-sshsm-abrmd/templates/deployment.yaml | 89 -------------- .../charts/aaf-sshsm-abrmd/templates/job.yaml | 74 ------------ .../aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml | 60 ---------- .../charts/aaf-sshsm-distcenter/Chart.yaml | 18 --- .../aaf-sshsm-distcenter/templates/configmap.yaml | 25 ---- .../charts/aaf-sshsm-distcenter/templates/job.yaml | 105 ----------------- .../charts/aaf-sshsm-distcenter/templates/pv.yaml | 19 --- .../charts/aaf-sshsm-distcenter/templates/pvc.yaml | 19 --- .../charts/aaf-sshsm-distcenter/values.yaml | 69 ----------- .../aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml | 18 --- .../charts/aaf-sshsm-testca/templates/job.yaml | 130 --------------------- .../aaf-sshsm/charts/aaf-sshsm-testca/values.yaml | 61 ---------- .../aaf/components/aaf-sshsm/components/Makefile | 51 ++++++++ .../components/aaf-sshsm-abrmd/Chart.yaml | 18 +++ .../components/aaf-sshsm-abrmd/requirements.yaml | 21 ++++ .../aaf-sshsm-abrmd/templates/configmap.yaml | 25 ++++ .../aaf-sshsm-abrmd/templates/deployment.yaml | 89 ++++++++++++++ .../components/aaf-sshsm-abrmd/templates/job.yaml | 74 ++++++++++++ .../components/aaf-sshsm-abrmd/values.yaml | 66 +++++++++++ .../components/aaf-sshsm-distcenter/Chart.yaml | 18 +++ .../aaf-sshsm-distcenter/requirements.yaml | 21 ++++ .../aaf-sshsm-distcenter/templates/configmap.yaml | 21 ++++ .../aaf-sshsm-distcenter/templates/job.yaml | 101 ++++++++++++++++ .../aaf-sshsm-distcenter/templates/pv.yaml | 17 +++ .../aaf-sshsm-distcenter/templates/pvc.yaml | 17 +++ .../components/aaf-sshsm-distcenter/values.yaml | 70 +++++++++++ .../components/aaf-sshsm-testca/Chart.yaml | 18 +++ .../components/aaf-sshsm-testca/requirements.yaml | 21 ++++ .../components/aaf-sshsm-testca/templates/job.yaml | 126 ++++++++++++++++++++ .../components/aaf-sshsm-testca/values.yaml | 66 +++++++++++ .../aaf/components/aaf-sshsm/requirements.yaml | 15 +++ kubernetes/aaf/components/aaf-sshsm/values.yaml | 25 ++-- .../aaf-templates/templates/_deployment.tpl | 2 +- .../aaf-templates/templates/_initContainers.tpl | 6 +- kubernetes/aaf/values.yaml | 16 --- 87 files changed, 1781 insertions(+), 1536 deletions(-) create mode 100644 kubernetes/aaf/components/aaf-sms/Makefile delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml delete mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/Makefile create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/Makefile delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml delete mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/Makefile create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml index 6afaa06e8a..26bc7a64d8 100644 --- a/kubernetes/aaf/components/aaf-cass/requirements.yaml +++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml @@ -12,7 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index 50889561cf..461553c469 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: - | chown -R 1000:1000 /opt/app/aaf/status chown -R 1000:1000 /var/lib/cassandra - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /var/lib/cassandra @@ -47,7 +47,7 @@ spec: memory: 100Mi containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] diff --git a/kubernetes/aaf/components/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml index f4d1d2eef0..525674434e 100644 --- a/kubernetes/aaf/components/aaf-cass/values.yaml +++ b/kubernetes/aaf/components/aaf-cass/values.yaml @@ -14,22 +14,10 @@ # limitations under the License. global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" flavor: small diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml index 08ef7fe836..4ed52faa0a 100644 --- a/kubernetes/aaf/components/aaf-cm/requirements.yaml +++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml index e75abafb0e..964b5c1002 100644 --- a/kubernetes/aaf/components/aaf-cm/values.yaml +++ b/kubernetes/aaf/components/aaf-cm/values.yaml @@ -15,24 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml index 08ef7fe836..5ed361f48f 100644 --- a/kubernetes/aaf/components/aaf-fs/requirements.yaml +++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 - repository: 'file://../aaf-templates' + repository: 'file://../aaf-templates' \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml index c3750d4449..e911a10828 100644 --- a/kubernetes/aaf/components/aaf-fs/values.yaml +++ b/kubernetes/aaf/components/aaf-fs/values.yaml @@ -15,24 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml index 08ef7fe836..4ed52faa0a 100644 --- a/kubernetes/aaf/components/aaf-gui/requirements.yaml +++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml index 247b1b5042..e239e615ed 100644 --- a/kubernetes/aaf/components/aaf-gui/values.yaml +++ b/kubernetes/aaf/components/aaf-gui/values.yaml @@ -15,24 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml index 08ef7fe836..4ed52faa0a 100644 --- a/kubernetes/aaf/components/aaf-hello/requirements.yaml +++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml index c25cc0b0b0..60e7c6bcc8 100644 --- a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml @@ -28,7 +28,7 @@ spec: containers: - name: {{ include "common.name" . }} command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] - image: {{ .Values.global.repository }}/{{.Values.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{.Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml index 08ef7fe836..4ed52faa0a 100644 --- a/kubernetes/aaf/components/aaf-locate/requirements.yaml +++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml index e74893cd49..0a3e4d432b 100644 --- a/kubernetes/aaf/components/aaf-locate/values.yaml +++ b/kubernetes/aaf/components/aaf-locate/values.yaml @@ -15,24 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml index 08ef7fe836..4ed52faa0a 100644 --- a/kubernetes/aaf/components/aaf-oauth/requirements.yaml +++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml index aad63df68a..2e9b6d42fa 100644 --- a/kubernetes/aaf/components/aaf-oauth/values.yaml +++ b/kubernetes/aaf/components/aaf-oauth/values.yaml @@ -15,24 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml index 08ef7fe836..4ed52faa0a 100644 --- a/kubernetes/aaf/components/aaf-service/requirements.yaml +++ b/kubernetes/aaf/components/aaf-service/requirements.yaml @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: aaf-templates version: ~6.x-0 repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml index 2fd8a3bcd5..8d8da0db4a 100644 --- a/kubernetes/aaf/components/aaf-service/values.yaml +++ b/kubernetes/aaf/components/aaf-service/values.yaml @@ -15,24 +15,13 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" aaf: + image: onap/aaf/aaf_core:2.1.23 config: image: onap/aaf/aaf_config:2.1.23 diff --git a/kubernetes/aaf/components/aaf-sms/Makefile b/kubernetes/aaf/components/aaf-sms/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml deleted file mode 100644 index 2dc3d49b66..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Secret Management Service Quorum Client -name: aaf-sms-quorumclient -version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json deleted file mode 100644 index 3a43f00019..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443", - "cafile": "/quorumclient/certs/aaf_root_ca.cer", - "clientcert":"client.cert", - "clientkey":"client.key", - "timeout":"10s" -} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml deleted file mode 100644 index 471c9094aa..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml deleted file mode 100644 index d855ae6fdf..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml deleted file mode 100644 index c72d9e0422..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ /dev/null @@ -1,112 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - serviceName: {{ include "common.servicename" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -{{- if .Values.persistence.enabled }} - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /quorumclient/auth - chown -R 100:1000 /quorumclient/auth - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /quorumclient/auth - name: {{ include "common.fullname" . }}-data -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/quorumclient/bin/quorumclient"] - workingDir: /quorumclient/ - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /quorumclient/config.json - name: {{ include "common.name" .}} - subPath: config.json -{{- if .Values.persistence.enabled }} - - mountPath: /quorumclient/auth - name: {{ include "common.fullname" . }}-data -{{- end }} - resources: -{{ include "common.resources" . | indent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name : {{ include "common.name" . }} - configMap: - name: {{ include "common.fullname" . }} - items: - - key: config.json - path: config.json - mode: 0755 -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml deleted file mode 100644 index 1459624536..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/smsquorumclient:4.0.2 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 3 - -nodeSelector: {} - -affinity: {} - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: sms/quorum/data - -ingress: - enabled: false - -flavor: small - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 40m - memory: 40Mi - requests: - cpu: 1m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 700Mi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml deleted file mode 100644 index 074958ff70..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: Chart to launch Vault as SMS backend -name: aaf-sms-vault -appVersion: 0.9.5 -version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml deleted file mode 100644 index 0d09221644..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-vault - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - config.json: | - {{ .Values.config.vault | toJson }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-consul - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - config.json: | - {{ .Values.config.consul | toJson }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml deleted file mode 100644 index d855ae6fdf..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml deleted file mode 100644 index b642e39540..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.portName }} - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} - {{- else -}} - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - protocol: TCP - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml deleted file mode 100644 index 3e580eca41..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ /dev/null @@ -1,120 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - serviceName: {{ include "common.servicename" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: -{{- if .Values.persistence.enabled }} - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /consul/data - chown -R 100:1000 /consul/data - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /consul/data - name: {{ include "common.fullname" . }}-data -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: ["server"] - ports: - - containerPort: {{ .Values.service.internalPort }} - volumeMounts: - - mountPath: /vault/config/config.json - name: {{ include "common.fullname" . }}-vault - subPath: config.json - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: -{{ include "common.resources" . | indent 10 }} - - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}" - name: {{ include "common.name" . }}-backend - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"] - ports: - - name: http - containerPort: 8500 - volumeMounts: -{{- if .Values.persistence.enabled }} - - mountPath: /consul/data - name: {{ include "common.fullname" . }}-data -{{- end }} - - mountPath: /consul/config/config.json - name: {{ include "common.fullname" . }}-consulconfiguration - subPath: config.json - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: -{{ include "common.resources" . | indent 10 }} - volumes: - - name: {{ include "common.fullname" . }}-consulconfiguration - configMap: - name: {{ include "common.fullname" . }}-consul - - name: {{ include "common.fullname" . }}-vault - configMap: - name: {{ include "common.fullname" . }}-vault - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml deleted file mode 100644 index 7787f0b85d..0000000000 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -# application image -repository: nexus3.onap.org:10001 -image: - consul: library/consul:1.7.1 - vault: library/vault:1.3.3 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -################################################################# -# Application configuration defaults. -################################################################# -config: - consul: - server: true - log_level: INFO - server: true - data_dir: '/consul/data' - ports: - http: 8500 - https: -1 - - vault: - storage: - consul: - address: localhost:8500 - path: smsvault - listener: - tcp: - address: '[::]:8200' - tls_disable: true - disable_mlock: true - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: sms/consul/data - -service: - type: ClusterIP - name: aaf-sms-db - portName: aaf-sms-db - internalPort: 8200 - externalPort: 8200 - -ingress: - enabled: false - -flavor: small - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 40m - memory: 40Mi - requests: - cpu: 10m - memory: 25Mi - large: - limits: - cpu: 400m - memory: 700Mi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/components/Makefile b/kubernetes/aaf/components/aaf-sms/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml new file mode 100644 index 0000000000..2dc3d49b66 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Secret Management Service Quorum Client +name: aaf-sms-quorumclient +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml new file mode 100644 index 0000000000..26bc7a64d8 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json new file mode 100644 index 0000000000..3a43f00019 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/resources/config/config.json @@ -0,0 +1,7 @@ +{ + "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443", + "cafile": "/quorumclient/certs/aaf_root_ca.cer", + "clientcert":"client.cert", + "clientkey":"client.key", + "timeout":"10s" +} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml new file mode 100644 index 0000000000..471c9094aa --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml new file mode 100644 index 0000000000..d855ae6fdf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) }} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" $global }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml new file mode 100644 index 0000000000..0e9e66dc47 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/templates/statefulset.yaml @@ -0,0 +1,112 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + serviceName: {{ include "common.servicename" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- if .Values.persistence.enabled }} + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /quorumclient/auth + chown -R 100:1000 /quorumclient/auth + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /quorumclient/auth + name: {{ include "common.fullname" . }}-data +{{- end }} + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/quorumclient/bin/quorumclient"] + workingDir: /quorumclient/ + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /quorumclient/config.json + name: {{ include "common.name" .}} + subPath: config.json +{{- if .Values.persistence.enabled }} + - mountPath: /quorumclient/auth + name: {{ include "common.fullname" . }}-data +{{- end }} + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + items: + - key: config.json + path: config.json + mode: 0755 +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml new file mode 100644 index 0000000000..d41d31ce82 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-quorumclient/values.yaml @@ -0,0 +1,73 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/aaf/smsquorumclient:4.0.2 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 3 + +nodeSelector: {} + +affinity: {} + +service: + name: aaf-sms + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sms/quorum/data + +ingress: + enabled: false + +flavor: small + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 1m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 700Mi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml new file mode 100644 index 0000000000..074958ff70 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart to launch Vault as SMS backend +name: aaf-sms-vault +appVersion: 0.9.5 +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml new file mode 100644 index 0000000000..26bc7a64d8 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml new file mode 100644 index 0000000000..0d09221644 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/configmap.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-vault + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + config.json: | + {{ .Values.config.vault | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-consul + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + config.json: | + {{ .Values.config.consul | toJson }} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml new file mode 100644 index 0000000000..d855ae6fdf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) }} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" $global }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml new file mode 100644 index 0000000000..b642e39540 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/service.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.portName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml new file mode 100644 index 0000000000..994e1555d3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/templates/statefulset.yaml @@ -0,0 +1,120 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + serviceName: {{ include "common.servicename" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: +{{- if .Values.persistence.enabled }} + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /consul/data + chown -R 100:1000 /consul/data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /consul/data + name: {{ include "common.fullname" . }}-data +{{- end }} + containers: + - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.vault }} + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: ["server"] + ports: + - containerPort: {{ .Values.service.internalPort }} + volumeMounts: + - mountPath: /vault/config/config.json + name: {{ include "common.fullname" . }}-vault + subPath: config.json + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ include "common.resources" . | indent 10 }} + - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.consul }} + name: {{ include "common.name" . }}-backend + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"] + ports: + - name: http + containerPort: 8500 + volumeMounts: +{{- if .Values.persistence.enabled }} + - mountPath: /consul/data + name: {{ include "common.fullname" . }}-data +{{- end }} + - mountPath: /consul/config/config.json + name: {{ include "common.fullname" . }}-consulconfiguration + subPath: config.json + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ include "common.resources" . | indent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-consulconfiguration + configMap: + name: {{ include "common.fullname" . }}-consul + - name: {{ include "common.fullname" . }}-vault + configMap: + name: {{ include "common.fullname" . }}-vault + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml new file mode 100644 index 0000000000..750363c8f4 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml @@ -0,0 +1,110 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +# application image +image: + consul: library/consul:1.7.1 + vault: library/vault:1.3.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +################################################################# +# Application configuration defaults. +################################################################# +config: + consul: + server: true + log_level: INFO + server: true + data_dir: '/consul/data' + ports: + http: 8500 + https: -1 + + vault: + storage: + consul: + address: localhost:8500 + path: smsvault + listener: + tcp: + address: '[::]:8200' + tls_disable: true + disable_mlock: true + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: sms/consul/data + +service: + type: ClusterIP + name: aaf-sms-db + portName: aaf-sms-db + internalPort: 8200 + externalPort: 8200 + +ingress: + enabled: false + +flavor: small + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 10m + memory: 25Mi + large: + limits: + cpu: 400m + memory: 700Mi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml index 7152c37ff0..58a9a0dd26 100644 --- a/kubernetes/aaf/components/aaf-sms/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml @@ -12,10 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: +dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' - name: certInitializer version: ~6.x-0 repository: '@local' + - name: aaf-sms-quorumclient + version: ~6.x-0 + repository: 'file://components/aaf-sms-quorumclient' + - name: aaf-sms-vault + version: ~6.x-0 + repository: 'file://components/aaf-sms-vault' diff --git a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml index 782895e87f..cfe54cf07b 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml @@ -47,7 +47,7 @@ spec: - -c - | cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /int-certs @@ -62,13 +62,13 @@ spec: - | chmod -R 775 /sms/auth chown -R 1000:1000 /sms/auth - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /sms/auth name: {{ include "common.fullname" . }}-auth - name: {{ include "common.name" . }}-readiness - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /app/ready.py @@ -84,7 +84,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} command: ["/sms/bin/sms"] diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 3650990b99..1341889af3 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -136,10 +136,10 @@ spec: name: {{ include "common.name" . }}-preload-input - mountPath: /config/ name: {{ include "common.name" . }}-preload - image: "{{ .Values.global.envsubstImage }}" + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + - image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness command: @@ -156,7 +156,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-preload command: diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index 148d10da13..3b777c64f6 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -18,10 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 persistence: {} - envsubstImage: dibi/envsubst aafEnabled: true flavor: small @@ -58,7 +55,6 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 image: onap/aaf/sms:4.0.2 pullPolicy: Always diff --git a/kubernetes/aaf/components/aaf-sshsm/Makefile b/kubernetes/aaf/components/aaf-sshsm/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml deleted file mode 100644 index 499b82caaf..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Trusted Platform Module Resource Manager -name: aaf-sshsm-abrmd -version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml deleted file mode 100644 index 8d1faf7e32..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml deleted file mode 100644 index 2715120ba9..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - serviceName: - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - command: - - /app/ready.py - args: - - -j - - "{{ include "common.fullname" . }}-init" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/abrmd/bin/run_abrmd.sh"] - workingDir: /abrmd/bin - securityContext: - privileged: true - volumeMounts: - - name: {{ include "common.fullname" . }}-dbus - mountPath: /var/run/dbus - - name: {{ include "common.fullname" . }}-tpm-device - mountPath: /dev/tpm0 - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: {{ include "common.resources" . | nindent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.global.tpm.enabled }} - {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-dbus - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-dbus - - name: {{ include "common.fullname" . }}-tpm-device - hostPath: - path: /dev/tpm0 - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml deleted file mode 100644 index 90d18997ac..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ /dev/null @@ -1,74 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - -apiVersion: batch/v1 -kind: Job -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - backoffLimit: 2 - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - restartPolicy: Never - containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/abrmd/bin/initialize_tpm.sh"] - workingDir: /abrmd/bin - securityContext: - privileged: true - env: - - name: TPM_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ABRMD_DATA - value: /abrmd/data - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /abrmd/data - - name: {{ include "common.fullname" . }}-tpm-device - mountPath: /dev/tpm0 - - name: {{ include "common.fullname" . }}-tpmconfig - mountPath: "/abrmd/cred/" - readOnly: true - resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- if .Values.global.tpm.enabled }} - {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-data - - name: {{ include "common.fullname" . }}-tpm-device - hostPath: - path: /dev/tpm0 - - name: {{ include "common.fullname" . }}-tpmconfig - secret: - secretName: {{ include "common.release" . }}-aaf-sshsm - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml deleted file mode 100644 index 2a733632bf..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/abrmd:4.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 1 - -# TPM specific node selection is done at parent chart aaf-sshsm -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -# Configure resource requests and limits -flavor: small -resources: - small: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml deleted file mode 100644 index 22ba3da019..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Trusted Platform Module Distribution Center -name: aaf-sshsm-distcenter -version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml deleted file mode 100644 index 99176fcdf6..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml deleted file mode 100644 index c40c6b075a..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} - -apiVersion: batch/v1 -kind: Job -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - serviceName: - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - restartPolicy: Never - initContainers: -{{- if .Values.global.tpm.enabled }} - - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{ else }} - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-gen-passphrase - command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /distcenter/data - resources: - limits: - cpu: 1 - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/entrypoint.sh"] - workingDir: /distcenter - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /distcenter/data - resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml deleted file mode 100644 index bf0ef74be2..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} -{{ include "common.PV" . }} -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml deleted file mode 100644 index a13b7f353b..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} -{{ include "common.PVC" . }} -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml deleted file mode 100644 index 94791be713..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/distcenter:4.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: sshsm/distcenter/data - -ingress: - enabled: false - -# Configure resource requests and limits -flavor: small -resources: - small: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml deleted file mode 100644 index b64e0c331a..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Trusted Platform Module Test CA Service -name: aaf-sshsm-testca -version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml deleted file mode 100644 index 021276b06d..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.testca.enabled -}} - -apiVersion: batch/v1 -kind: Job -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - restartPolicy: Never - initContainers: - - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-distcenter-ready - command: - - /app/ready.py - args: - - -j - - "{{ include "common.release" . }}-aaf-sshsm-distcenter" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- if .Values.global.tpm.enabled }} - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-abrmd-ready - command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] - workingDir: /testca/bin - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: {{ include "common.fullname" . }}-dbus - mountPath: /var/run/dbus - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["./import.sh"] - workingDir: /testca/bin - env: -{{- if .Values.global.tpm.enabled }} - - name: TPM_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: DATA_FOLDER - value: /testca/data/host_$(TPM_NODE_NAME) -{{ else }} - - name: DATA_FOLDER - value: /testca/data -{{- end }} - - name: SECRETS_FOLDER - value: /testca/secrets - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /testca/data - - name: {{ include "common.fullname" . }}-dbus - mountPath: /var/run/dbus - - name: {{ include "common.fullname" . }}-secrets - mountPath: /testca/secrets - readOnly: true - resources: {{ include "common.resources" . | nindent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.global.tpm.enabled }} - {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm - - name: {{ include "common.fullname" . }}-dbus - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-dbus - - name: {{ include "common.fullname" . }}-secrets - secret: - secretName: {{ include "common.release" . }}-aaf-sshsm - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml deleted file mode 100644 index dd04c93bd7..0000000000 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# - -enabled: true - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/testcaservice:4.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -# Configure resource requests and limits -flavor: small -resources: - small: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/Makefile b/kubernetes/aaf/components/aaf-sshsm/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml new file mode 100644 index 0000000000..499b82caaf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Resource Manager +name: aaf-sshsm-abrmd +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml new file mode 100644 index 0000000000..771a327656 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml new file mode 100644 index 0000000000..8555a3c153 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.tpm.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml new file mode 100644 index 0000000000..a2df4e53b9 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/deployment.yaml @@ -0,0 +1,89 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.tpm.enabled -}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + command: + - /app/ready.py + args: + - -j + - "{{ include "common.fullname" . }}-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/abrmd/bin/run_abrmd.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} + {{ toYaml .Values.nodeSelector | indent 8 | trim }} + {{- end }} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml new file mode 100644 index 0000000000..8a8b6bd8fe --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/templates/job.yaml @@ -0,0 +1,74 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.tpm.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + backoffLimit: 2 + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + containers: + - name: {{ include "common.name" . }}-job + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/abrmd/bin/initialize_tpm.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + env: + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ABRMD_DATA + value: /abrmd/data + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /abrmd/data + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + mountPath: "/abrmd/cred/" + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-data + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + secret: + secretName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml new file mode 100644 index 0000000000..e97519aa3e --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-abrmd/values.yaml @@ -0,0 +1,66 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + tpm: + enabled: true + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/aaf/abrmd:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +# TPM specific node selection is done at parent chart aaf-sshsm +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml new file mode 100644 index 0000000000..22ba3da019 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Distribution Center +name: aaf-sshsm-distcenter +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml new file mode 100644 index 0000000000..771a327656 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml new file mode 100644 index 0000000000..2e82f5bd26 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/configmap.yaml @@ -0,0 +1,21 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml new file mode 100644 index 0000000000..f74b5c8f2d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/job.yaml @@ -0,0 +1,101 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + serviceName: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + initContainers: +{{- if .Values.global.tpm.enabled }} + - image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{ else }} + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-gen-passphrase + command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/entrypoint.sh"] + workingDir: /distcenter + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml new file mode 100644 index 0000000000..22acb2a609 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pv.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" . }} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml new file mode 100644 index 0000000000..1c7f6ffe4a --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/templates/pvc.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" . }} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml new file mode 100644 index 0000000000..fb42843cb7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-distcenter/values.yaml @@ -0,0 +1,70 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + tpm: + enabled: true + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/aaf/distcenter:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sshsm/distcenter/data + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml new file mode 100644 index 0000000000..b64e0c331a --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Test CA Service +name: aaf-sshsm-testca +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml new file mode 100644 index 0000000000..771a327656 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml new file mode 100644 index 0000000000..71e7c299bc --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/templates/job.yaml @@ -0,0 +1,126 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + initContainers: + - image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-distcenter-ready + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-aaf-sshsm-distcenter" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- if .Values.global.tpm.enabled }} + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-abrmd-ready + command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] + workingDir: /testca/bin + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["./import.sh"] + workingDir: /testca/bin + env: +{{- if .Values.global.tpm.enabled }} + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DATA_FOLDER + value: /testca/data/host_$(TPM_NODE_NAME) +{{ else }} + - name: DATA_FOLDER + value: /testca/data +{{- end }} + - name: SECRETS_FOLDER + value: /testca/secrets + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /testca/data + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-secrets + mountPath: /testca/secrets + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} + {{ toYaml .Values.nodeSelector | indent 8 | trim }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml new file mode 100644 index 0000000000..f116c6d5e9 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/components/aaf-sshsm-testca/values.yaml @@ -0,0 +1,66 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +global: + tpm: + enabled: true + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/aaf/testcaservice:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 50m + memory: 100Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml index 0704a2c9df..bb76d59c04 100644 --- a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml @@ -16,3 +16,18 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: aaf-sshsm-abrmd + version: ~6.x-0 + repository: 'file://components/aaf-sshsm-abrmd' + condition: aaf-sshsm-abrmd.enabled + - name: aaf-sshsm-distcenter + version: ~6.x-0 + repository: 'file://components/aaf-sshsm-distcenter' + condition: aaf-sshsm-distcenter.enabled + - name: aaf-sshsm-testca + version: ~6.x-0 + repository: 'file://components/aaf-sshsm-testca' + condition: aaf-sshsm-testca.testca.enabled diff --git a/kubernetes/aaf/components/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml index eee2bcf0aa..7e8d4f1352 100644 --- a/kubernetes/aaf/components/aaf-sshsm/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml @@ -18,20 +18,8 @@ ################################################################# global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" tpm: enabled: false @@ -39,14 +27,15 @@ global: # values in the nodeselector section of the pod nodeLabel: "tpm-node" nodeLabelValue: "true" - abrmd: - enabled: true - distcenter: - enabled: true - testca: - enabled: true persistence: {} +aaf-sshsm-abrmd: + enabled: true +aaf-sshsm-distcenter: + enabled: true +aaf-sshsm-testca: + enabled: true + persistence: enabled: true data: diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index bf6931a8e3..25a05a5e2f 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -28,7 +28,7 @@ spec: - name: {{ include "common.name" . }} workingDir: /opt/app/aaf command: ["bin/{{ .Values.binary }}"] - image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} + image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} volumeMounts: diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 69d954af77..7cdf4d072e 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -23,7 +23,7 @@ - | chown -R 1000:1000 /opt/app/aaf chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /opt/app/osaaf @@ -39,7 +39,7 @@ {{- define "aaf.podConfiguration" }} - name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} + image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.config.image}} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash @@ -108,7 +108,7 @@ initContainers: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: limits: diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index df6aff5a04..9d032b599a 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -20,26 +20,10 @@ global: nodePortPrefix: 302 - # Readiness image - readinessImage: onap/oom/readiness:3.0.1 - # Ubuntu Init image - ubuntuInitRepository: docker.io - ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - # Logging image - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # BusyBox image - busyboxRepository: docker.io - busyboxImage: library/busybox:1.31 persistence: enabled: true # Standard OOM pullPolicy: "Always" - repository: "nexus3.onap.org:10001" - - # Use Local - #pullPolicy: IfNotPresent - #repository: "nexus3.onap.org:10003" cmpv2Enabled: true addTestingComponents: false -- cgit 1.2.3-korg