From c8257d1cdf4a1640ae2c2aeade8f8bc9e3b418fa Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Fri, 5 Jun 2020 15:19:22 +0200 Subject: [AAF SMS] Use certInitializer for certificates AAF SMS was hardcoding its certificates in the container. This patch makes use of certInitializer in order to retrieve "fresh" certificates. In order to use certInitiliazer in a sub component, we had to move charts to component and add the right requirements. Issue-ID: AAF-1159 Signed-off-by: Sylvain Desbureaux Change-Id: I6ec55eddffd54dd56b03cea1a6f0b437f8bfa299 (cherry picked from commit 0de302ad6212185c842ce7232319e19d994dd520) --- kubernetes/aaf/Makefile | 50 ++++ kubernetes/aaf/charts/aaf-cass/.helmignore | 21 -- kubernetes/aaf/charts/aaf-cass/Chart.yaml | 18 -- kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt | 33 --- .../aaf/charts/aaf-cass/templates/deployment.yaml | 113 --------- kubernetes/aaf/charts/aaf-cass/templates/pv.yaml | 18 -- kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml | 18 -- .../aaf/charts/aaf-cass/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-cass/values.yaml | 90 -------- kubernetes/aaf/charts/aaf-cert-service/.helmignore | 22 -- kubernetes/aaf/charts/aaf-cert-service/Chart.yaml | 18 -- .../resources/certServiceClient-keystore.jks | Bin 4087 -> 0 bytes .../resources/certServiceServer-keystore.jks | Bin 4126 -> 0 bytes .../resources/certServiceServer-keystore.p12 | Bin 4691 -> 0 bytes .../resources/default/cmpServers.json | 3 - .../aaf/charts/aaf-cert-service/resources/root.crt | 32 --- .../resources/test/cmpServers.json | 24 -- .../aaf-cert-service/resources/truststore.jks | Bin 1722 -> 0 bytes .../aaf-cert-service/templates/deployment.yaml | 123 ---------- .../charts/aaf-cert-service/templates/secret.yaml | 56 ----- .../charts/aaf-cert-service/templates/service.yaml | 17 -- kubernetes/aaf/charts/aaf-cert-service/values.yaml | 141 ----------- kubernetes/aaf/charts/aaf-cm/.helmignore | 21 -- kubernetes/aaf/charts/aaf-cm/Chart.yaml | 19 -- kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt | 33 --- .../aaf/charts/aaf-cm/templates/deployment.yaml | 16 -- .../aaf/charts/aaf-cm/templates/ingress.yaml | 4 - .../aaf/charts/aaf-cm/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-cm/values.yaml | 81 ------- kubernetes/aaf/charts/aaf-fs/.helmignore | 21 -- kubernetes/aaf/charts/aaf-fs/Chart.yaml | 18 -- kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt | 33 --- .../aaf/charts/aaf-fs/templates/deployment.yaml | 16 -- .../aaf/charts/aaf-fs/templates/ingress.yaml | 4 - .../aaf/charts/aaf-fs/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-fs/values.yaml | 83 ------- kubernetes/aaf/charts/aaf-gui/.helmignore | 21 -- kubernetes/aaf/charts/aaf-gui/Chart.yaml | 18 -- kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt | 33 --- .../aaf/charts/aaf-gui/templates/deployment.yaml | 16 -- .../aaf/charts/aaf-gui/templates/ingress.yaml | 4 - .../aaf/charts/aaf-gui/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-gui/values.yaml | 83 ------- kubernetes/aaf/charts/aaf-hello/.helmignore | 21 -- kubernetes/aaf/charts/aaf-hello/Chart.yaml | 18 -- .../aaf/charts/aaf-hello/templates/NOTES.txt | 14 -- .../aaf/charts/aaf-hello/templates/deployment.yaml | 60 ----- .../aaf/charts/aaf-hello/templates/ingress.yaml | 4 - .../aaf/charts/aaf-hello/templates/secret.yaml | 15 -- .../aaf/charts/aaf-hello/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-hello/values.yaml | 105 --------- kubernetes/aaf/charts/aaf-locate/.helmignore | 21 -- kubernetes/aaf/charts/aaf-locate/Chart.yaml | 18 -- .../aaf/charts/aaf-locate/templates/NOTES.txt | 33 --- .../charts/aaf-locate/templates/deployment.yaml | 16 -- .../aaf/charts/aaf-locate/templates/ingress.yaml | 2 - .../aaf/charts/aaf-locate/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-locate/values.yaml | 79 ------- kubernetes/aaf/charts/aaf-oauth/.helmignore | 21 -- kubernetes/aaf/charts/aaf-oauth/Chart.yaml | 18 -- .../aaf/charts/aaf-oauth/templates/NOTES.txt | 33 --- .../aaf/charts/aaf-oauth/templates/deployment.yaml | 16 -- .../aaf/charts/aaf-oauth/templates/ingress.yaml | 2 - .../aaf/charts/aaf-oauth/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-oauth/values.yaml | 82 ------- kubernetes/aaf/charts/aaf-service/.helmignore | 21 -- kubernetes/aaf/charts/aaf-service/Chart.yaml | 18 -- .../charts/aaf-service/templates/deployment.yaml | 16 -- .../aaf/charts/aaf-service/templates/ingress.yaml | 4 - .../aaf/charts/aaf-service/templates/service.yaml | 16 -- kubernetes/aaf/charts/aaf-service/values.yaml | 81 ------- kubernetes/aaf/charts/aaf-sms/Chart.yaml | 18 -- .../aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml | 18 -- .../resources/config/config.json | 7 - .../aaf-sms-quorumclient/templates/configmap.yaml | 26 --- .../charts/aaf-sms-quorumclient/templates/pv.yaml | 45 ---- .../templates/statefulset.yaml | 107 --------- .../charts/aaf-sms-quorumclient/values.yaml | 71 ------ .../charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml | 19 -- .../charts/aaf-sms-vault/templates/configmap.yaml | 41 ---- .../aaf-sms/charts/aaf-sms-vault/templates/pv.yaml | 45 ---- .../charts/aaf-sms-vault/templates/service.yaml | 39 ---- .../aaf-sms-vault/templates/statefulset.yaml | 115 --------- .../aaf-sms/charts/aaf-sms-vault/values.yaml | 111 --------- .../aaf/charts/aaf-sms/resources/config/has.json | 44 ---- .../aaf/charts/aaf-sms/resources/config/osdf.json | 105 --------- .../aaf/charts/aaf-sms/templates/configmap.yaml | 42 ---- .../aaf/charts/aaf-sms/templates/deployment.yaml | 122 ---------- kubernetes/aaf/charts/aaf-sms/templates/job.yaml | 202 ---------------- kubernetes/aaf/charts/aaf-sms/templates/pv.yaml | 40 ---- kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml | 39 ---- .../aaf/charts/aaf-sms/templates/secret.yaml | 17 -- .../aaf/charts/aaf-sms/templates/service.yaml | 39 ---- kubernetes/aaf/charts/aaf-sms/values.yaml | 227 ------------------ kubernetes/aaf/charts/aaf-sshsm/Chart.yaml | 18 -- kubernetes/aaf/charts/aaf-sshsm/README.md | 24 -- .../aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml | 18 -- .../aaf-sshsm-abrmd/templates/configmap.yaml | 25 -- .../charts/aaf-sshsm-abrmd/templates/job.yaml | 75 ------ .../aaf-sshsm-abrmd/templates/statefulset.yaml | 89 ------- .../aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml | 60 ----- .../charts/aaf-sshsm-distcenter/Chart.yaml | 18 -- .../aaf-sshsm-distcenter/templates/configmap.yaml | 25 -- .../charts/aaf-sshsm-distcenter/templates/job.yaml | 106 --------- .../charts/aaf-sshsm-distcenter/templates/pv.yaml | 19 -- .../charts/aaf-sshsm-distcenter/templates/pvc.yaml | 19 -- .../charts/aaf-sshsm-distcenter/values.yaml | 69 ------ .../aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml | 18 -- .../charts/aaf-sshsm-testca/templates/job.yaml | 131 ----------- .../aaf-sshsm/charts/aaf-sshsm-testca/values.yaml | 61 ----- kubernetes/aaf/charts/aaf-sshsm/requirements.yaml | 18 -- .../charts/aaf-sshsm/resources/config/prk_passwd | 1 - .../charts/aaf-sshsm/resources/config/srk_handle | 1 - .../aaf/charts/aaf-sshsm/templates/pv-data.yaml | 17 -- .../aaf/charts/aaf-sshsm/templates/pv-dbus.yaml | 17 -- .../aaf/charts/aaf-sshsm/templates/pvc-data.yaml | 17 -- .../aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml | 17 -- .../aaf/charts/aaf-sshsm/templates/secret.yaml | 22 -- kubernetes/aaf/charts/aaf-sshsm/values.yaml | 66 ------ kubernetes/aaf/components/Makefile | 50 ++++ kubernetes/aaf/components/aaf-cass/.helmignore | 21 ++ kubernetes/aaf/components/aaf-cass/Chart.yaml | 18 ++ .../aaf/components/aaf-cass/requirements.yaml | 18 ++ .../aaf/components/aaf-cass/templates/NOTES.txt | 33 +++ .../components/aaf-cass/templates/deployment.yaml | 113 +++++++++ .../aaf/components/aaf-cass/templates/pv.yaml | 18 ++ .../aaf/components/aaf-cass/templates/pvc.yaml | 18 ++ .../aaf/components/aaf-cass/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-cass/values.yaml | 109 +++++++++ .../aaf/components/aaf-cert-service/.helmignore | 22 ++ .../aaf/components/aaf-cert-service/Chart.yaml | 18 ++ .../components/aaf-cert-service/requirements.yaml | 18 ++ .../resources/certServiceClient-keystore.jks | Bin 0 -> 4087 bytes .../resources/certServiceServer-keystore.jks | Bin 0 -> 4126 bytes .../resources/certServiceServer-keystore.p12 | Bin 0 -> 4691 bytes .../resources/default/cmpServers.json | 3 + .../components/aaf-cert-service/resources/root.crt | 32 +++ .../resources/test/cmpServers.json | 24 ++ .../aaf-cert-service/resources/truststore.jks | Bin 0 -> 1722 bytes .../aaf-cert-service/templates/deployment.yaml | 123 ++++++++++ .../aaf-cert-service/templates/secret.yaml | 56 +++++ .../aaf-cert-service/templates/service.yaml | 17 ++ .../aaf/components/aaf-cert-service/values.yaml | 160 +++++++++++++ kubernetes/aaf/components/aaf-cm/.helmignore | 21 ++ kubernetes/aaf/components/aaf-cm/Chart.yaml | 19 ++ kubernetes/aaf/components/aaf-cm/requirements.yaml | 21 ++ .../aaf/components/aaf-cm/templates/NOTES.txt | 33 +++ .../components/aaf-cm/templates/deployment.yaml | 16 ++ .../aaf/components/aaf-cm/templates/ingress.yaml | 4 + .../aaf/components/aaf-cm/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-cm/values.yaml | 106 +++++++++ kubernetes/aaf/components/aaf-fs/.helmignore | 21 ++ kubernetes/aaf/components/aaf-fs/Chart.yaml | 18 ++ kubernetes/aaf/components/aaf-fs/requirements.yaml | 21 ++ .../aaf/components/aaf-fs/templates/NOTES.txt | 33 +++ .../components/aaf-fs/templates/deployment.yaml | 16 ++ .../aaf/components/aaf-fs/templates/ingress.yaml | 4 + .../aaf/components/aaf-fs/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-fs/values.yaml | 107 +++++++++ kubernetes/aaf/components/aaf-gui/.helmignore | 21 ++ kubernetes/aaf/components/aaf-gui/Chart.yaml | 18 ++ .../aaf/components/aaf-gui/requirements.yaml | 21 ++ .../aaf/components/aaf-gui/templates/NOTES.txt | 33 +++ .../components/aaf-gui/templates/deployment.yaml | 16 ++ .../aaf/components/aaf-gui/templates/ingress.yaml | 4 + .../aaf/components/aaf-gui/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-gui/values.yaml | 107 +++++++++ kubernetes/aaf/components/aaf-hello/.helmignore | 21 ++ kubernetes/aaf/components/aaf-hello/Chart.yaml | 18 ++ .../aaf/components/aaf-hello/requirements.yaml | 21 ++ .../aaf/components/aaf-hello/templates/NOTES.txt | 14 ++ .../components/aaf-hello/templates/deployment.yaml | 60 +++++ .../components/aaf-hello/templates/ingress.yaml | 4 + .../aaf/components/aaf-hello/templates/secret.yaml | 15 ++ .../components/aaf-hello/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-hello/values.yaml | 105 +++++++++ kubernetes/aaf/components/aaf-locate/.helmignore | 21 ++ kubernetes/aaf/components/aaf-locate/Chart.yaml | 18 ++ .../aaf/components/aaf-locate/requirements.yaml | 21 ++ .../aaf/components/aaf-locate/templates/NOTES.txt | 33 +++ .../aaf-locate/templates/deployment.yaml | 16 ++ .../components/aaf-locate/templates/ingress.yaml | 2 + .../components/aaf-locate/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-locate/values.yaml | 104 +++++++++ kubernetes/aaf/components/aaf-oauth/.helmignore | 21 ++ kubernetes/aaf/components/aaf-oauth/Chart.yaml | 18 ++ .../aaf/components/aaf-oauth/requirements.yaml | 21 ++ .../aaf/components/aaf-oauth/templates/NOTES.txt | 33 +++ .../components/aaf-oauth/templates/deployment.yaml | 16 ++ .../components/aaf-oauth/templates/ingress.yaml | 2 + .../components/aaf-oauth/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-oauth/values.yaml | 107 +++++++++ kubernetes/aaf/components/aaf-service/.helmignore | 21 ++ kubernetes/aaf/components/aaf-service/Chart.yaml | 18 ++ .../aaf/components/aaf-service/requirements.yaml | 21 ++ .../aaf-service/templates/deployment.yaml | 16 ++ .../components/aaf-service/templates/ingress.yaml | 4 + .../components/aaf-service/templates/service.yaml | 16 ++ kubernetes/aaf/components/aaf-service/values.yaml | 106 +++++++++ kubernetes/aaf/components/aaf-sms/Chart.yaml | 18 ++ .../aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml | 18 ++ .../resources/config/config.json | 7 + .../aaf-sms-quorumclient/templates/configmap.yaml | 26 +++ .../charts/aaf-sms-quorumclient/templates/pv.yaml | 45 ++++ .../templates/statefulset.yaml | 107 +++++++++ .../charts/aaf-sms-quorumclient/values.yaml | 71 ++++++ .../aaf-sms/charts/aaf-sms-vault/Chart.yaml | 19 ++ .../charts/aaf-sms-vault/templates/configmap.yaml | 41 ++++ .../aaf-sms/charts/aaf-sms-vault/templates/pv.yaml | 45 ++++ .../charts/aaf-sms-vault/templates/service.yaml | 39 ++++ .../aaf-sms-vault/templates/statefulset.yaml | 115 +++++++++ .../aaf-sms/charts/aaf-sms-vault/values.yaml | 111 +++++++++ .../aaf/components/aaf-sms/requirements.yaml | 21 ++ .../resources/certs/intermediate_root_ca.pem | 26 +++ .../components/aaf-sms/resources/config/has.json | 44 ++++ .../components/aaf-sms/resources/config/osdf.json | 105 +++++++++ .../components/aaf-sms/templates/configmap.yaml | 42 ++++ .../components/aaf-sms/templates/deployment.yaml | 144 ++++++++++++ .../aaf/components/aaf-sms/templates/job.yaml | 202 ++++++++++++++++ .../aaf/components/aaf-sms/templates/pv.yaml | 40 ++++ .../aaf/components/aaf-sms/templates/pvc.yaml | 39 ++++ .../aaf/components/aaf-sms/templates/secret.yaml | 32 +++ .../aaf/components/aaf-sms/templates/service.yaml | 39 ++++ kubernetes/aaf/components/aaf-sms/values.yaml | 257 +++++++++++++++++++++ kubernetes/aaf/components/aaf-sshsm/Chart.yaml | 18 ++ kubernetes/aaf/components/aaf-sshsm/README.md | 24 ++ .../aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml | 18 ++ .../aaf-sshsm-abrmd/templates/configmap.yaml | 25 ++ .../charts/aaf-sshsm-abrmd/templates/job.yaml | 75 ++++++ .../aaf-sshsm-abrmd/templates/statefulset.yaml | 89 +++++++ .../aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml | 60 +++++ .../charts/aaf-sshsm-distcenter/Chart.yaml | 18 ++ .../aaf-sshsm-distcenter/templates/configmap.yaml | 25 ++ .../charts/aaf-sshsm-distcenter/templates/job.yaml | 106 +++++++++ .../charts/aaf-sshsm-distcenter/templates/pv.yaml | 19 ++ .../charts/aaf-sshsm-distcenter/templates/pvc.yaml | 19 ++ .../charts/aaf-sshsm-distcenter/values.yaml | 69 ++++++ .../aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml | 18 ++ .../charts/aaf-sshsm-testca/templates/job.yaml | 131 +++++++++++ .../aaf-sshsm/charts/aaf-sshsm-testca/values.yaml | 61 +++++ .../aaf/components/aaf-sshsm/requirements.yaml | 18 ++ .../aaf-sshsm/resources/config/prk_passwd | 1 + .../aaf-sshsm/resources/config/srk_handle | 1 + .../components/aaf-sshsm/templates/pv-data.yaml | 17 ++ .../components/aaf-sshsm/templates/pv-dbus.yaml | 17 ++ .../components/aaf-sshsm/templates/pvc-data.yaml | 17 ++ .../components/aaf-sshsm/templates/pvc-dbus.yaml | 17 ++ .../aaf/components/aaf-sshsm/templates/secret.yaml | 22 ++ kubernetes/aaf/components/aaf-sshsm/values.yaml | 84 +++++++ kubernetes/aaf/components/aaf-templates/Chart.yaml | 19 ++ .../aaf/components/aaf-templates/requirements.yaml | 18 ++ .../aaf-templates/templates/_deployment.tpl | 67 ++++++ .../aaf-templates/templates/_initContainers.tpl | 122 ++++++++++ .../aaf/components/aaf-templates/values.yaml | 13 ++ kubernetes/aaf/requirements.yaml | 36 ++- kubernetes/aaf/templates/_deployment.tpl | 67 ------ kubernetes/aaf/templates/_initContainers.tpl | 122 ---------- 257 files changed, 5481 insertions(+), 4798 deletions(-) create mode 100644 kubernetes/aaf/Makefile delete mode 100644 kubernetes/aaf/charts/aaf-cass/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-cass/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cass/templates/pv.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cass/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cass/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12 delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/root.crt delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cert-service/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cm/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-cm/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cm/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-cm/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-fs/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-fs/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-fs/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-fs/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-gui/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-gui/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-gui/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-gui/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-hello/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-hello/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-hello/templates/secret.yaml delete mode 100644 kubernetes/aaf/charts/aaf-hello/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-hello/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-locate/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-locate/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-locate/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-locate/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-oauth/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-oauth/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt delete mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-oauth/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-oauth/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-service/.helmignore delete mode 100644 kubernetes/aaf/charts/aaf-service/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-service/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-service/templates/ingress.yaml delete mode 100644 kubernetes/aaf/charts/aaf-service/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-service/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/resources/config/has.json delete mode 100644 kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/job.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/pv.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/secret.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/templates/service.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sms/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/README.md delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/requirements.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml delete mode 100644 kubernetes/aaf/charts/aaf-sshsm/values.yaml create mode 100644 kubernetes/aaf/components/Makefile create mode 100644 kubernetes/aaf/components/aaf-cass/.helmignore create mode 100644 kubernetes/aaf/components/aaf-cass/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-cass/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-cass/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-cass/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-cass/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-cass/templates/pvc.yaml create mode 100644 kubernetes/aaf/components/aaf-cass/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-cass/values.yaml create mode 100644 kubernetes/aaf/components/aaf-cert-service/.helmignore create mode 100644 kubernetes/aaf/components/aaf-cert-service/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-cert-service/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/root.crt create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json create mode 100644 kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks create mode 100644 kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml create mode 100644 kubernetes/aaf/components/aaf-cert-service/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-cert-service/values.yaml create mode 100644 kubernetes/aaf/components/aaf-cm/.helmignore create mode 100644 kubernetes/aaf/components/aaf-cm/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-cm/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-cm/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-cm/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-cm/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-cm/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-cm/values.yaml create mode 100644 kubernetes/aaf/components/aaf-fs/.helmignore create mode 100644 kubernetes/aaf/components/aaf-fs/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-fs/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-fs/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-fs/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-fs/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-fs/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-fs/values.yaml create mode 100644 kubernetes/aaf/components/aaf-gui/.helmignore create mode 100644 kubernetes/aaf/components/aaf-gui/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-gui/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-gui/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-gui/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-gui/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-gui/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-gui/values.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/.helmignore create mode 100644 kubernetes/aaf/components/aaf-hello/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-hello/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/templates/secret.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-hello/values.yaml create mode 100644 kubernetes/aaf/components/aaf-locate/.helmignore create mode 100644 kubernetes/aaf/components/aaf-locate/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-locate/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-locate/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-locate/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-locate/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-locate/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-locate/values.yaml create mode 100644 kubernetes/aaf/components/aaf-oauth/.helmignore create mode 100644 kubernetes/aaf/components/aaf-oauth/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-oauth/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt create mode 100644 kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-oauth/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-oauth/values.yaml create mode 100644 kubernetes/aaf/components/aaf-service/.helmignore create mode 100644 kubernetes/aaf/components/aaf-service/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-service/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-service/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-service/templates/ingress.yaml create mode 100644 kubernetes/aaf/components/aaf-service/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-service/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem create mode 100644 kubernetes/aaf/components/aaf-sms/resources/config/has.json create mode 100644 kubernetes/aaf/components/aaf-sms/resources/config/osdf.json create mode 100644 kubernetes/aaf/components/aaf-sms/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/templates/deployment.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/templates/pvc.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/templates/secret.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/templates/service.yaml create mode 100644 kubernetes/aaf/components/aaf-sms/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/README.md create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd create mode 100644 kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle create mode 100644 kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml create mode 100644 kubernetes/aaf/components/aaf-sshsm/values.yaml create mode 100644 kubernetes/aaf/components/aaf-templates/Chart.yaml create mode 100644 kubernetes/aaf/components/aaf-templates/requirements.yaml create mode 100644 kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl create mode 100644 kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl create mode 100644 kubernetes/aaf/components/aaf-templates/values.yaml delete mode 100644 kubernetes/aaf/templates/_deployment.tpl delete mode 100644 kubernetes/aaf/templates/_initContainers.tpl (limited to 'kubernetes/aaf') diff --git a/kubernetes/aaf/Makefile b/kubernetes/aaf/Makefile new file mode 100644 index 0000000000..9396001ebc --- /dev/null +++ b/kubernetes/aaf/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/charts/aaf-cass/.helmignore b/kubernetes/aaf/charts/aaf-cass/.helmignore deleted file mode 100644 index daebc7da77..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-cass/Chart.yaml b/kubernetes/aaf/charts/aaf-cass/Chart.yaml deleted file mode 100644 index 42b4076689..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF cassandra -name: aaf-cass -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt deleted file mode 100644 index bd74a42cd5..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml deleted file mode 100644 index 309a9f38c6..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ /dev/null @@ -1,113 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chown -R 1000:1000 /opt/app/aaf/status - chown -R 1000:1000 /var/lib/cassandra - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /var/lib/cassandra - name: aaf-cass-vol - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 30m - memory: 100Mi - containers: - - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well - command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] - ports: {{ include "common.containerPorts" . | nindent 10 }} - env: - - name: CASSANDRA_CLUSTER_NAME - value: {{ .Values.config.cluster_name }} - - name: CASSANDRA_DC - value: {{ .Values.config.dc }} - - name: CQLSH - value: "/opt/cassandra/bin/cqlsh" - - name: HEAP_NEWSIZE - value: {{ .Values.config.heap_new_size }} - - name: MAX_HEAP_SIZE - value: {{ .Values.config.max_heap_size }} - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - mountPath: /var/lib/cassandra - name: aaf-cass-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: tcp-cql - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: tcp-cql - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-cass-vol - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml deleted file mode 100644 index 187e9b75de..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.PV" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml deleted file mode 100644 index e56c98751c..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.PVC" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml deleted file mode 100644 index 8f80ee12a2..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/charts/aaf-cass/values.yaml deleted file mode 100644 index ec7dcbb7de..0000000000 --- a/kubernetes/aaf/charts/aaf-cass/values.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application configuration -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: tcp-cql - -image: onap/aaf/aaf_cass:2.1.23 - -config: - cluster_name: osaaf - heap_new_size: 512M - max_heap_size: 1024M - dc: dc1 - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - -service: - name: aaf-cass - type: ClusterIP - ports: - - name: tcp-intra - port: 7000 - - name: tls - port: 7001 - - name: tcp-cql - port: 9042 - - name: tcp-thrift - port: 9160 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 2100m - memory: 1792Mi - requests: - cpu: 30m - memory: 1280Mi - large: - limits: - cpu: 4 - memory: 12000Mi - requests: - cpu: 40m - memory: 9000Mi - unlimited: {} - -persistence: - enabled: true - #existingClaim: - mountPath: /dockerdata-nfs - mountSubPath: "cass" - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 20Gi diff --git a/kubernetes/aaf/charts/aaf-cert-service/.helmignore b/kubernetes/aaf/charts/aaf-cert-service/.helmignore deleted file mode 100644 index 50af031725..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/kubernetes/aaf/charts/aaf-cert-service/Chart.yaml b/kubernetes/aaf/charts/aaf-cert-service/Chart.yaml deleted file mode 100644 index 525b2ac4b6..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2020 Nokia -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF Cert Service -name: aaf-cert-service -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks deleted file mode 100644 index f24908c55d..0000000000 Binary files a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks and /dev/null differ diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks deleted file mode 100644 index 89605b6b7a..0000000000 Binary files a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks and /dev/null differ diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12 deleted file mode 100644 index 2106c817ef..0000000000 Binary files a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12 and /dev/null differ diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json deleted file mode 100644 index 358f2a82c7..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "cmpv2Servers": [] -} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/root.crt b/kubernetes/aaf/charts/aaf-cert-service/resources/root.crt deleted file mode 100644 index faeee81357..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/resources/root.crt +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ -TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV -BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv -b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE -BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw -EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD -Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu -rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU -IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy -3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z -okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV -Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL -fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV -tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u -vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99 -2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI -bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ -ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN -lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB -DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D -ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL -hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT -Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg -r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43 -tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb -+oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI -aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9 -vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j -uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH -wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q== ------END CERTIFICATE----- diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json deleted file mode 100644 index 06e1087f60..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "cmpv2Servers": [ - { - "caName": "CLIENT", - "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", - "authentication": { - "iak": "${CLIENT_IAK}", - "rv": "${CLIENT_RV}" - } - }, - { - "caName": "RA", - "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", - "issuerDN": "CN=ManagementCA", - "caMode": "RA", - "authentication": { - "iak": "${RA_IAK}", - "rv": "${RA_RV}" - } - } - ] -} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks deleted file mode 100644 index c32d37fd9d..0000000000 Binary files a/kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks and /dev/null differ diff --git a/kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml deleted file mode 100644 index 76e610f169..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright © 2020, Nokia -# Modifications Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- if .Values.global.cmpv2Enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - volumes: -{{- if .Values.global.addTestingComponents }} - - name: cmp-servers-template-volume - secret: - secretName: {{ .Values.cmpServers.secret.name }} - - name: {{ .Values.cmpServers.volume.name }} - emptyDir: - medium: Memory -{{- else }} - - name: {{ .Values.cmpServers.volume.name }} - secret: - secretName: {{ .Values.cmpServers.secret.name }} -{{- end }} - - name: {{ .Values.tls.server.volume.name }} - secret: - secretName: {{ .Values.tls.server.secret.name }} -{{- if .Values.global.addTestingComponents }} - initContainers: - - name: wait-for-ejbca - command: - - /root/ready.py - args: - - --container-name - - ejbca-ejbca - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: subsitute-envs - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] - volumeMounts: - - name: cmp-servers-template-volume - mountPath: /config-input - readOnly: true - - name: {{ .Values.cmpServers.volume.name }} - mountPath: {{ .Values.cmpServers.volume.mountPath }} - readOnly: false - env: - - name: CLIENT_IAK - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }} - - name: CLIENT_RV - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }} - - name: RA_IAK - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }} - - name: RA_RV - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }} -{{- end }} - containers: - - name: {{ include "common.name" . }} - image: {{ .Values.repository }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - env: - - name: HTTPS_PORT - value: "{{ .Values.envs.httpsPort }}" - - name: KEYSTORE_PATH - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}" - - name: KEYSTORE_P12_PATH - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}" - - name: TRUSTSTORE_PATH - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}" - - name: ROOT_CERT - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}" - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }} - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }} - livenessProbe: - exec: - command: - - /bin/bash - - -c - - {{ .Values.liveness.command }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - readinessProbe: - exec: - command: - - /bin/bash - - -c - - {{ .Values.readiness.command }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - name: {{ .Values.cmpServers.volume.name }} - mountPath: {{ .Values.cmpServers.volume.mountPath }} - readOnly: false - - name: {{ .Values.tls.server.volume.name }} - mountPath: {{ .Values.tls.server.volume.mountPath }} - readOnly: true - resources: {{ include "common.resources" . | nindent 12 }} -{{ end -}} diff --git a/kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml b/kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml deleted file mode 100644 index ac92f56487..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2020, Nokia -# Modifications Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- if .Values.global.cmpv2Enabled }} -{{ include "common.secretFast" . }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.cmpServers.secret.name }} -type: Opaque -data: -{{ if .Values.global.addTestingComponents }} - {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }} -{{ else }} - {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }} -{{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} -type: Opaque -data: - certServiceClient-keystore.jks: - {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }} - truststore.jks: - {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.tls.server.secret.name }} -type: Opaque -data: - certServiceServer-keystore.jks: - {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }} - certServiceServer-keystore.p12: - {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }} - truststore.jks: - {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} - root.crt: - {{ (.Files.Glob "resources/root.crt").AsSecrets }} -{{ end -}} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml deleted file mode 100644 index 60e2afa41d..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2020, Nokia -# Modifications Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -{{- if .Values.global.cmpv2Enabled }} - {{ include "common.service" . }} -{{ end -}} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cert-service/values.yaml b/kubernetes/aaf/charts/aaf-cert-service/values.yaml deleted file mode 100644 index c2bbecd81a..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/values.yaml +++ /dev/null @@ -1,141 +0,0 @@ -# Copyright © 2020, Nokia -# Modifications Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Global -global: - envsubstImage: dibi/envsubst - -# Service configuration -service: - type: ClusterIP - ports: - - name: http - port: 8443 - port_protocol: http - - -# Deployment configuration -repository: nexus3.onap.org:10001 -image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 -pullPolicy: Always -replicaCount: 1 - -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD - -flavor: small -resources: - small: - limits: - cpu: 0.5 - memory: 1Gi - requests: - cpu: 0.2 - memory: 512Mi - large: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 0.4 - memory: 1Gi - unlimited: {} - - -# Application configuration -cmpServers: - secret: - name: aaf-cert-service-secret - volume: - name: aaf-cert-service-volume - mountPath: /etc/onap/aaf/certservice - -tls: - server: - secret: - name: aaf-cert-service-server-tls-secret - volume: - name: aaf-cert-service-server-tls-volume - mountPath: /etc/onap/aaf/certservice/certs/ - client: - secret: - defaultName: aaf-cert-service-client-tls-secret - -envs: - keystore: - jksName: certServiceServer-keystore.jks - p12Name: certServiceServer-keystore.p12 - truststore: - jksName: truststore.jks - crtName: root.crt - httpsPort: 8443 - -# External secrets with credentials can be provided to override default credentials defined below, -# by uncommenting and filling appropriate *ExternalSecret value -credentials: - tls: - keystorePassword: secret - truststorePassword: secret - #keystorePasswordExternalSecret: - #truststorePasswordExternalSecret: - # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled - cmp: - #clientIakExternalSecret: - #clientRvExternalSecret: - #raIakExternalSecret: - #raRvExternalSecret: - client: {} - # iak: mypassword - # rv: unused - ra: {} - # iak: mypassword - # rv: unused - -secrets: - - uid: keystore-password - name: '{{ include "common.release" . }}-keystore-password' - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' - password: '{{ .Values.credentials.tls.keystorePassword }}' - passwordPolicy: required - - uid: truststore-password - name: '{{ include "common.release" . }}-truststore-password' - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' - password: '{{ .Values.credentials.tls.truststorePassword }}' - passwordPolicy: required - # Below values are relevant only if global addTestingComponents flag is enabled - - uid: ejbca-server-client-iak - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.client.iak }}' - - uid: cmp-config-client-rv - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.client.rv }}' - - uid: ejbca-server-ra-iak - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.ra.iak }}' - - uid: cmp-config-ra-rv - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.ra.rv }}' diff --git a/kubernetes/aaf/charts/aaf-cm/.helmignore b/kubernetes/aaf/charts/aaf-cm/.helmignore deleted file mode 100644 index daebc7da77..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-cm/Chart.yaml b/kubernetes/aaf/charts/aaf-cm/Chart.yaml deleted file mode 100644 index ed453f7ac7..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF Certificate Manager -name: aaf-cm -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt deleted file mode 100644 index bd74a42cd5..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml deleted file mode 100644 index 5074c8bc08..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml deleted file mode 100644 index 40b4bba0ce..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml +++ /dev/null @@ -1,4 +0,0 @@ - -{{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml deleted file mode 100644 index e54c4f3057..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml deleted file mode 100644 index c391369db6..0000000000 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -replicaCount: 1 - -binary: cm - -sequence_order: - - service - - locate - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: api - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: api - -service: - name: aaf-cm - type: ClusterIP - ports: - - name: api - protocol: http - port: 8150 - -ingress: - enabled: false - service: - - baseaddr: "aafcm" - name: "aaf-cm" - port: 8150 - config: - ssl: "redirect" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 400m - memory: 300Mi - requests: - cpu: 1m - memory: 200Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 600Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-fs/.helmignore b/kubernetes/aaf/charts/aaf-fs/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-fs/Chart.yaml b/kubernetes/aaf/charts/aaf-fs/Chart.yaml deleted file mode 100644 index 211c4c28de..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF File Server -name: aaf-fs -version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt deleted file mode 100644 index bd74a42cd5..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml deleted file mode 100644 index c36750809c..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml deleted file mode 100644 index 40b4bba0ce..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml +++ /dev/null @@ -1,4 +0,0 @@ - -{{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml deleted file mode 100644 index e54c4f3057..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml deleted file mode 100644 index 6ddc07278b..0000000000 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -pullPolicy: Always - -replicaCount: 1 - -binary: fs - -sequence_order: - - service - - locate - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: api - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: api - -service: - name: aaf-fs - type: ClusterIP - ports: - - name: api - port: 8096 - protocol: http - -ingress: - enabled: false - service: - - baseaddr: "aaffs" - name: "aaf-fs" - port: 8096 - config: - ssl: "none" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 200m - memory: 110Mi - requests: - cpu: 1m - memory: 80Mi - large: - limits: - cpu: 500m - memory: 700Mi - requests: - cpu: 100m - memory: 400Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-gui/.helmignore b/kubernetes/aaf/charts/aaf-gui/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-gui/Chart.yaml b/kubernetes/aaf/charts/aaf-gui/Chart.yaml deleted file mode 100644 index 7e81a70759..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF GUI -name: aaf-gui -version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt deleted file mode 100644 index bd74a42cd5..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml deleted file mode 100644 index c36750809c..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml deleted file mode 100644 index 40b4bba0ce..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml +++ /dev/null @@ -1,4 +0,0 @@ - -{{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml deleted file mode 100644 index e54c4f3057..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml deleted file mode 100644 index f418fd5b41..0000000000 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small -################################################################# -# Application configuration defaults. -################################################################# -# application image -pullPolicy: Always - -replicaCount: 1 - -binary: gui - -sequence_order: - - service - - locate - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: gui - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: gui - -service: - name: aaf-gui - type: NodePort - ports: - - name: gui - protocol: http - port: 8200 - nodePort: 51 - -ingress: - enabled: false - service: - - baseaddr: "aafgui" - name: "aaf-gui" - port: 8200 - config: - ssl: "redirect" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 200m - memory: 280Mi - requests: - cpu: 1m - memory: 170Mi - large: - limits: - cpu: 200m - memory: 1Gi - requests: - cpu: 100m - memory: 500Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-hello/.helmignore b/kubernetes/aaf/charts/aaf-hello/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-hello/Chart.yaml b/kubernetes/aaf/charts/aaf-hello/Chart.yaml deleted file mode 100644 index 71b3242558..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF Hello -name: aaf-hello -version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt deleted file mode 100644 index ef4d8e7d23..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml deleted file mode 100644 index 891b829f43..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} -# CONTAINER Definition - containers: - - name: {{ include "common.name" . }} - command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] - image: {{ .Values.global.repository }}/{{.Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.readiness.port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml deleted file mode 100644 index 40b4bba0ce..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml +++ /dev/null @@ -1,4 +0,0 @@ - -{{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml deleted file mode 100644 index f8c32e0670..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml deleted file mode 100644 index 8f80ee12a2..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml deleted file mode 100644 index df3abec67c..0000000000 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -global: - aafEnabled: true - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -aaf_init: - # You might want this in your own app. For AAF, we store in global - # replicas: 1 - fqi: aaf@aaf.osaaf.org -# This MUST match what is put in AAF's "Artifact" for Certificates - fqdn: aaf-hello -# What is put in Locator for External Access - public_fqdn: aaf.osaaf.org - cadi_latitude: "38.0" - cadi_longitude: "-72.0" - credsPath: /opt/app/osaaf/local - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds - permission_user: 1000 - permission_group: 999 - -replicaCount: 0 - -image: onap/aaf/aaf_hello:2.1.23 - -service: - name: aaf-hello - type: ClusterIP - ports: - - name: api - protocol: http - port: 8130 - -nodeSelector: {} - -affinity: {} - -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aaf_init.aafDeployFqi }}' - password: '{{ .Values.aaf_init.aafDeployPass }}' - passwordPolicy: required - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: api - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: api - -ingress: - enabled: false - service: - - baseaddr: "aafhello" - name: "aaf-hello" - port: 8130 - config: - ssl: "none" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 20m - memory: 500Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-locate/.helmignore b/kubernetes/aaf/charts/aaf-locate/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-locate/Chart.yaml b/kubernetes/aaf/charts/aaf-locate/Chart.yaml deleted file mode 100644 index 3133191280..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF Locate -name: aaf-locate -version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt deleted file mode 100644 index bd74a42cd5..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml deleted file mode 100644 index 5074c8bc08..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml deleted file mode 100644 index 1b33c1f8d1..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml +++ /dev/null @@ -1,2 +0,0 @@ - -{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml deleted file mode 100644 index e54c4f3057..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml deleted file mode 100644 index 01a5ab158a..0000000000 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small -################################################################# -# Application configuration defaults. -################################################################# -# application image -replicaCount: 1 - -binary: locate - -sequence_order: - - service - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: api - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: api - -service: - name: aaf-locate - type: ClusterIP - ports: - - name: api - protocol: http - port: 8095 - -ingress: - enabled: false - service: - - baseaddr: "aaflocate" - name: "aaf-locate" - port: 8095 - config: - ssl: "redirect" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 500m - memory: 320Mi - requests: - cpu: 1m - memory: 210Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 500Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-oauth/.helmignore b/kubernetes/aaf/charts/aaf-oauth/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml b/kubernetes/aaf/charts/aaf-oauth/Chart.yaml deleted file mode 100644 index a64a17c7b1..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF OAuth -name: aaf-oauth -version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt deleted file mode 100644 index bd74a42cd5..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml deleted file mode 100644 index 5074c8bc08..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml deleted file mode 100644 index 1b33c1f8d1..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml +++ /dev/null @@ -1,2 +0,0 @@ - -{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml deleted file mode 100644 index e54c4f3057..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml deleted file mode 100644 index 7604b86393..0000000000 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image - -replicaCount: 1 - -binary: oauth - -sequence_order: - - service - - locate - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: api - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: api - -service: - name: aaf-oauth - type: ClusterIP - ports: - - name: api - protocol: http - port: 8140 - -ingress: - enabled: false - service: - - baseaddr: "aafoauth" - name: "aaf-oauth" - port: 8140 - config: - ssl: "redirect" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 40m - memory: 320Mi - requests: - cpu: 1m - memory: 210Mi - large: - limits: - cpu: 400m - memory: 600Mi - requests: - cpu: 40m - memory: 200Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-service/.helmignore b/kubernetes/aaf/charts/aaf-service/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/aaf/charts/aaf-service/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/aaf/charts/aaf-service/Chart.yaml b/kubernetes/aaf/charts/aaf-service/Chart.yaml deleted file mode 100644 index 187e33ac6f..0000000000 --- a/kubernetes/aaf/charts/aaf-service/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP AAF Service -name: aaf-service -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml deleted file mode 100644 index 5074c8bc08..0000000000 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml deleted file mode 100644 index 40b4bba0ce..0000000000 --- a/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml +++ /dev/null @@ -1,4 +0,0 @@ - -{{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-service/templates/service.yaml deleted file mode 100644 index e54c4f3057..0000000000 --- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Orange -# Modifications © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml deleted file mode 100644 index c2d96032cc..0000000000 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image - -replicaCount: 1 - -binary: service - -sequence_order: - - cass - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: api - -readiness: - initialDelaySeconds: 5 - periodSeconds: 10 - port: api - -service: - name: aaf-service - type: ClusterIP - ports: - - name: api - port: 8100 - protocol: http - -ingress: - enabled: false - service: - - baseaddr: "aafservice" - name: "aaf-service" - port: 8100 - config: - ssl: "redirect" - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 250m - memory: 360Mi - requests: - cpu: 10m - memory: 250Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 40m - memory: 300Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sms/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/Chart.yaml deleted file mode 100644 index 557894f456..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Secret Management Service -name: aaf-sms -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml deleted file mode 100644 index 2dc3d49b66..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Secret Management Service Quorum Client -name: aaf-sms-quorumclient -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json deleted file mode 100644 index 3a43f00019..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443", - "cafile": "/quorumclient/certs/aaf_root_ca.cer", - "clientcert":"client.cert", - "clientkey":"client.key", - "timeout":"10s" -} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml deleted file mode 100644 index 02f1080f29..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml deleted file mode 100644 index d855ae6fdf..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml deleted file mode 100644 index 1c6cc933f5..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - serviceName: - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -{{- if .Values.persistence.enabled }} - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /quorumclient/auth - chown -R 100:1000 /quorumclient/auth - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /quorumclient/auth - name: {{ include "common.fullname" . }}-data -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/quorumclient/bin/quorumclient"] - workingDir: /quorumclient/ - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /quorumclient/config.json - name: {{ include "common.name" .}} - subPath: config.json -{{- if .Values.persistence.enabled }} - - mountPath: /quorumclient/auth - name: {{ include "common.fullname" . }}-data -{{- end }} - resources: -{{ include "common.resources" . | indent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name : {{ include "common.name" . }} - configMap: - name: {{ include "common.fullname" . }} - items: - - key: config.json - path: config.json - mode: 0755 -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml deleted file mode 100644 index 1459624536..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/smsquorumclient:4.0.2 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 3 - -nodeSelector: {} - -affinity: {} - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: sms/quorum/data - -ingress: - enabled: false - -flavor: small - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 40m - memory: 40Mi - requests: - cpu: 1m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 700Mi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml deleted file mode 100644 index 074958ff70..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: Chart to launch Vault as SMS backend -name: aaf-sms-vault -appVersion: 0.9.5 -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml deleted file mode 100644 index 2c70c23e03..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-vault - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - config.json: | - {{ .Values.config.vault | toJson }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-consul - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - config.json: | - {{ .Values.config.consul | toJson }} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml deleted file mode 100644 index d855ae6fdf..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml deleted file mode 100644 index a3a7591b02..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.portName }} - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} - {{- else -}} - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - protocol: TCP - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml deleted file mode 100644 index 4023106091..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ /dev/null @@ -1,115 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - serviceName: - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: -{{- if .Values.persistence.enabled }} - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /consul/data - chown -R 100:1000 /consul/data - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /consul/data - name: {{ include "common.fullname" . }}-data -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: ["server"] - ports: - - containerPort: {{ .Values.service.internalPort }} - volumeMounts: - - mountPath: /vault/config/config.json - name: {{ include "common.fullname" . }}-vault - subPath: config.json - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: -{{ include "common.resources" . | indent 10 }} - - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}" - name: {{ include "common.name" . }}-backend - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"] - ports: - - name: http - containerPort: 8500 - volumeMounts: -{{- if .Values.persistence.enabled }} - - mountPath: /consul/data - name: {{ include "common.fullname" . }}-data -{{- end }} - - mountPath: /consul/config/config.json - name: {{ include "common.fullname" . }}-consulconfiguration - subPath: config.json - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: -{{ include "common.resources" . | indent 10 }} - volumes: - - name: {{ include "common.fullname" . }}-consulconfiguration - configMap: - name: {{ include "common.fullname" . }}-consul - - name: {{ include "common.fullname" . }}-vault - configMap: - name: {{ include "common.fullname" . }}-vault - - name: localtime - hostPath: - path: /etc/localtime - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml deleted file mode 100644 index 7787f0b85d..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -# application image -repository: nexus3.onap.org:10001 -image: - consul: library/consul:1.7.1 - vault: library/vault:1.3.3 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -################################################################# -# Application configuration defaults. -################################################################# -config: - consul: - server: true - log_level: INFO - server: true - data_dir: '/consul/data' - ports: - http: 8500 - https: -1 - - vault: - storage: - consul: - address: localhost:8500 - path: smsvault - listener: - tcp: - address: '[::]:8200' - tls_disable: true - disable_mlock: true - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: sms/consul/data - -service: - type: ClusterIP - name: aaf-sms-db - portName: aaf-sms-db - internalPort: 8200 - externalPort: 8200 - -ingress: - enabled: false - -flavor: small - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 40m - memory: 40Mi - requests: - cpu: 10m - memory: 25Mi - large: - limits: - cpu: 400m - memory: 700Mi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json deleted file mode 100644 index 679b5189de..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "domain": { - "name": "has", - "secrets": [ - { - "name": "aai", - "values": { - "username": "${AAI_USER}", - "password": "${AAI_PASS}" - } - }, - { - "name": "conductor_api", - "values": { - "username": "${CONDUCTOR_USER}", - "password": "${CONDUCTOR_PASS}" - } - }, - { - "name": "sdnc", - "values": { - "username": "${SDNC_USER}", - "password": "${SDNC_PASS}" - } - }, - { - "name": "music_api", - "values": { - "aafuser": "${MUSIC_USER}", - "aafpass": "${MUSIC_PASS}", - "aafns": "conductor" - } - }, - { - "name": "aaf_api", - "values": { - "username": "${AAF_USER}", - "password": "${AAF_PASS}", - "aaf_conductor_user": "oof@oof.onap.org" - } - } - ] - } -} diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json deleted file mode 100644 index add0808701..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json +++ /dev/null @@ -1,105 +0,0 @@ -{ - "domain": { - "name": "osdf", - "secrets": [ - { - "name": "so", - "values": { - "UserName": "${SO_USER}", - "Password": "${SO_PASS}" - } - }, - { - "name": "conductor", - "values": { - "UserName": "${CONDUCTOR_USER}", - "Password": "${CONDUCTOR_PASS}" - } - }, - { - "name": "policyPlatform", - "values": { - "UserName": "${POLICY_PLAT_USER}", - "Password": "${POLICY_PLAT_PASS}" - } - }, - { - "name": "policyClient", - "values": { - "UserName": "${POLICY_CLI_USER}", - "Password": "${POLICY_CLI_PASS}" - } - }, - { - "name": "dmaap", - "values": { - "UserName": "NA", - "Password": "NA" - } - }, - { - "name": "sdc", - "values": { - "UserName": "NA", - "Password": "NA" - } - }, - { - "name": "osdfPlacement", - "values": { - "UserName": "${OSDF_PLACEMENT_USER}", - "Password": "${OSDF_PLACEMENT_PASS}" - } - }, - { - "name": "osdfPlacementSO", - "values": { - "UserName": "${OSDF_PLACEMENT_SO_USER}", - "Password": "${OSDF_PLACEMENT_SO_PASS}" - } - }, - { - "name": "osdfPlacementVFC", - "values": { - "UserName": "${OSDF_PLACEMENT_VFC_USER}", - "Password": "${OSDF_PLACEMENT_VFC_PASS}" - } - }, - { - "name": "osdfCMScheduler", - "values": { - "UserName": "${OSDF_CM_SCHEDULER_USER}", - "Password": "${OSDF_CM_SCHEDULER_PASS}" - } - }, - { - "name": "configDb", - "values": { - "UserName": "${CONFIG_DB_USER}", - "Password": "${CONFIG_DB_PASS}" - } - }, - { - "name": "pciHMS", - "values": { - "UserName": "", - "Password": "" - } - }, - { - "name": "osdfPCIOpt", - "values": { - "UserName": "${OSDF_PCI_OPT_USER}", - "Password": "${OSDF_PCI_OPT_PASS}" - } - }, - { - "name": "osdfOptEngine", - "values": { - "UserName": "${OSDF_OPT_ENGINE_USER}", - "Password": "${OSDF_OPT_ENGINE_PASS}" - } - } - ] - } -} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml deleted file mode 100644 index a74fe277b7..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - smsconfig.json: | - {{ .Values.config | toJson }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-preload - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-preload - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml deleted file mode 100644 index 6113c0d5c8..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chmod -R 775 /sms/auth - chown -R 1000:1000 /sms/auth - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /sms/auth - name: {{ include "common.fullname" . }}-auth - - name: {{ include "common.name" . }}-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - "aaf-sms-vault" - - --container-name - - "aaf-sms-vault-backend" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }} - command: ["/sms/bin/sms"] - workingDir: /sms/ - ports: - - containerPort: {{ .Values.service.internalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - port: {{ .Values.service.internalPort }} - scheme: HTTPS - path: /v1/sms/quorum/status - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - httpGet: - port: {{ .Values.service.internalPort }} - scheme: HTTPS - path: /v1/sms/quorum/status - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /sms/smsconfig.json - name: {{ include "common.name" .}} - subPath: smsconfig.json - - mountPath: /sms/auth - name: {{ include "common.fullname" . }}-auth - resources: -{{ include "common.resources" . | indent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name : {{ include "common.name" . }} - configMap: - name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-auth - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml deleted file mode 100644 index bb145ef3f8..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml +++ /dev/null @@ -1,202 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-preload - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "export AAI_PASS=${AAI_PASS_PLAIN}; - export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN}; - export SDNC_PASS=${SDNC_PASS_PLAIN}; - export MUSIC_PASS=${MUSIC_PASS_PLAIN}; - export AAF_PASS=${AAF_PASS_PLAIN}; - export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN}; - export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN}; - export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN}; - export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN}; - export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN}; - export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN}; - export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN}; - export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; - export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; - export SO_PASS=${SO_PASS_PLAIN}; - cd /config-input; - for PFILE in `find . -not -type d | grep -v -F ..`; do - envsubst <${PFILE} >/config/${PFILE}; - done" - env: - - name: AAI_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }} - - name: AAI_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }} - - - name: CONDUCTOR_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }} - - name: CONDUCTOR_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }} - - - name: SDNC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }} - - name: SDNC_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }} - - - name: MUSIC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }} - - name: MUSIC_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }} - - - name: AAF_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }} - - name: AAF_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }} - - - name: POLICY_PLAT_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }} - - name: POLICY_PLAT_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }} - - - name: POLICY_CLI_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }} - - name: POLICY_CLI_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }} - - - name: OSDF_PLACEMENT_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }} - - name: OSDF_PLACEMENT_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }} - - - name: OSDF_PLACEMENT_SO_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }} - - name: OSDF_PLACEMENT_SO_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }} - - - name: OSDF_PLACEMENT_VFC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }} - - name: OSDF_PLACEMENT_VFC_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }} - - - name: OSDF_CM_SCHEDULER_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }} - - name: OSDF_CM_SCHEDULER_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }} - - - name: CONFIG_DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }} - - name: CONFIG_DB_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }} - - - name: OSDF_PCI_OPT_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }} - - name: OSDF_PCI_OPT_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }} - - - name: OSDF_OPT_ENGINE_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }} - - name: OSDF_OPT_ENGINE_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }} - - - name: SO_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "login") | indent 10 }} - - name: SO_PASS_PLAIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }} - - volumeMounts: - - mountPath: /config-input - name: {{ include "common.name" . }}-preload-input - - mountPath: /config/ - name: {{ include "common.name" . }}-preload - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - "aaf-sms" - - --container-name - - "aaf-sms-quorumclient" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-preload - command: - - "/sms/bin/preload" - - "-cacert" - - "/sms/certs/aaf_root_ca.cer" - - "-jsondir" - - "/preload/config" - - "-serviceport" - - "{{ .Values.service.internalPort }}" - - "-serviceurl" - - "https://aaf-sms.{{ include "common.namespace" . }}" - workingDir: /sms - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /preload/config - name: {{ include "common.name" . }}-preload - resources: -{{ include "common.resources" . | indent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.name" . }}-preload-input - configMap: - name: {{ include "common.fullname" . }}-preload - - name: {{ include "common.name" . }}-preload - emptyDir: - medium: Memory - restartPolicy: OnFailure - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml deleted file mode 100644 index d06131feb5..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) }} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ include "common.release" . }} - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml deleted file mode 100644 index c46d50607c..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml b/kubernetes/aaf/charts/aaf-sms/templates/service.yaml deleted file mode 100644 index 9c94202fe3..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.PortName }} - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} - {{- else -}} - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - protocol: TCP - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml deleted file mode 100644 index 7e0aa5c282..0000000000 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ /dev/null @@ -1,227 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - envsubstImage: dibi/envsubst - -flavor: small -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/sms:4.0.2 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -config: - smsdbaddress: "http://aaf-sms-db:8200" - cafile: "/sms/certs/aaf_root_ca.cer" - servercert: "/sms/certs/aaf-sms.pub" - serverkey: "/sms/certs/aaf-sms.pr" - password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==" - -# subchart configuration -vault: - nameOverride: smsdb - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 30 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 30 - -service: - type: ClusterIP - name: aaf-sms - portName: aaf-sms - internalPort: 10443 - externalPort: 10443 - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 1Gi - mountPath: /dockerdata-nfs - mountSubPath: sms/auth - -ingress: - enabled: false - -secrets: - - uid: aai-creds - type: basicAuth - login: '{{ .Values.oofCreds.aaiUsername }}' - password: '{{ .Values.oofCreds.aaiPassword }}' - passwordPolicy: required - - uid: conductor-creds - type: basicAuth - login: '{{ .Values.oofCreds.conductorUsername }}' - password: '{{ .Values.oofCreds.conductorPassword }}' - passwordPolicy: required - - uid: sdnc-creds - type: basicAuth - login: '{{ .Values.oofCreds.sdncUsername }}' - password: '{{ .Values.oofCreds.sdncPassword }}' - passwordPolicy: required - - uid: music-creds - type: basicAuth - login: '{{ .Values.oofCreds.musicUsername }}' - password: '{{ .Values.oofCreds.musicPassword }}' - passwordPolicy: required - - uid: aaf-creds - type: basicAuth - login: '{{ .Values.oofCreds.aafUsername }}' - password: '{{ .Values.oofCreds.aafPassword }}' - passwordPolicy: required - - uid: policy-plat-creds - type: basicAuth - login: '{{ .Values.oofCreds.policyPlatUsername }}' - password: '{{ .Values.oofCreds.policyPlatPassword }}' - passwordPolicy: required - - uid: policy-cli-creds - type: basicAuth - login: '{{ .Values.oofCreds.policyCliUsername }}' - password: '{{ .Values.oofCreds.policyCliPassword }}' - passwordPolicy: required - - uid: osdf-placement-creds - type: basicAuth - login: '{{ .Values.oofCreds.osdfPlacementUsername }}' - password: '{{ .Values.oofCreds.osdfPlacementPassword }}' - passwordPolicy: required - - uid: osdf-placement-so-creds - type: basicAuth - login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}' - password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}' - passwordPolicy: required - - uid: osdf-placement-vfc-creds - type: basicAuth - login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}' - password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}' - passwordPolicy: required - - uid: osdf-cm-scheduler-creds - type: basicAuth - login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}' - password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}' - passwordPolicy: required - - uid: config-db-creds - type: basicAuth - login: '{{ .Values.oofCreds.configDbUsername }}' - password: '{{ .Values.oofCreds.configDbPassword }}' - passwordPolicy: required - - uid: osdf-pci-opt-creds - type: basicAuth - login: '{{ .Values.oofCreds.osdfPCIOptUsername }}' - password: '{{ .Values.oofCreds.osdfPCIOptPassword }}' - passwordPolicy: required - - uid: osdf-opt-engine-creds - type: basicAuth - login: '{{ .Values.oofCreds.osdfOptEngineUsername }}' - password: '{{ .Values.oofCreds.osdfOptEnginePassword }}' - passwordPolicy: required - - uid: so-creds - type: basicAuth - login: '{{ .Values.oofCreds.soUsername }}' - password: '{{ .Values.oofCreds.soPassword }}' - passwordPolicy: required - -oofCreds: - aaiUsername: oof@oof.onap.org - aaiPassword: demo123456! - - conductorUsername: admin1 - conductorPassword: plan.15 - - sdncUsername: admin - sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - - musicUsername: conductor - musicPassword: c0nduct0r - - aafUsername: aaf_admin@people.osaaf.org - aafPassword: demo123456! - - policyPlatUsername: healthcheck - policyPlatPassword: zb!XztG34 - - policyCliUsername: healthcheck - policyCliPassword: zb!XztG34 - - osdfPlacementUsername: test - osdfPlacementPassword: testpwd - - osdfPlacementSOUsername: so_test - osdfPlacementSOPassword: so_testpwd - - osdfPlacementVFCUsername: vfc_test - osdfPlacementVFCPassword: vfc_testpwd - - osdfCMSchedulerUsername: test1 - osdfCMSchedulerPassword: testpwd1 - - configDbUsername: osdf - configDbPassword: passwd - - osdfPCIOptUsername: pci_test - osdfPCIOptPassword: pci_testpwd - - osdfOptEngineUsername: opt_test - osdfOptEnginePassword: opt_testpwd - - soUsername: apihBpmn - soPassword: password1$ - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 100m - memory: 400Mi - requests: - cpu: 25m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 25m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml deleted file mode 100644 index d39b561905..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Hardware Security Components -name: aaf-sshsm -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/README.md b/kubernetes/aaf/charts/aaf-sshsm/README.md deleted file mode 100644 index a6f2e62cb9..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Helm Chart for ONAP Hardware Security Components - -This includes the following Kubernetes services: - -1. dist-center - A service that is used to create and distribute private keys -2. abrmd - A service that manages access to the TPM device - -# Service Dependencies - -All services depend on AAF \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml deleted file mode 100644 index 499b82caaf..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Trusted Platform Module Resource Manager -name: aaf-sshsm-abrmd -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml deleted file mode 100644 index 8d1faf7e32..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml deleted file mode 100644 index 23fe79d716..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - -apiVersion: batch/v1 -kind: Job -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - backoffLimit: 2 - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - restartPolicy: Never - containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/abrmd/bin/initialize_tpm.sh"] - workingDir: /abrmd/bin - securityContext: - privileged: true - env: - - name: TPM_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ABRMD_DATA - value: /abrmd/data - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /abrmd/data - - name: {{ include "common.fullname" . }}-tpm-device - mountPath: /dev/tpm0 - - name: {{ include "common.fullname" . }}-tpmconfig - mountPath: "/abrmd/cred/" - readOnly: true - resources: {{ toYaml .Values.resources | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} - {{- if .Values.global.tpm.enabled }} - {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - resources: {{ include "common.resources" . | nindent 10 }} - volumes: - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-data - - name: {{ include "common.fullname" . }}-tpm-device - hostPath: - path: /dev/tpm0 - - name: {{ include "common.fullname" . }}-tpmconfig - secret: - secretName: {{ include "common.release" . }}-aaf-sshsm - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml deleted file mode 100644 index c624ccfc4d..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - serviceName: - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - command: - - /root/job_complete.py - args: - - -j - - "{{ include "common.fullname" . }}-init" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/abrmd/bin/run_abrmd.sh"] - workingDir: /abrmd/bin - securityContext: - privileged: true - volumeMounts: - - name: {{ include "common.fullname" . }}-dbus - mountPath: /var/run/dbus - - name: {{ include "common.fullname" . }}-tpm-device - mountPath: /dev/tpm0 - - mountPath: /etc/localtime - name: localtime - readOnly: true - resources: {{ include "common.resources" . | nindent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.global.tpm.enabled }} - {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-dbus - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-dbus - - name: {{ include "common.fullname" . }}-tpm-device - hostPath: - path: /dev/tpm0 - -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml deleted file mode 100644 index 2a733632bf..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/abrmd:4.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 1 - -# TPM specific node selection is done at parent chart aaf-sshsm -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -# Configure resource requests and limits -flavor: small -resources: - small: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml deleted file mode 100644 index 22ba3da019..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Trusted Platform Module Distribution Center -name: aaf-sshsm-distcenter -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml deleted file mode 100644 index 99176fcdf6..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml deleted file mode 100644 index fb48c7df4a..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} - -apiVersion: batch/v1 -kind: Job -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - serviceName: - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - restartPolicy: Never - initContainers: -{{- if .Values.global.tpm.enabled }} - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - command: - - /root/job_complete.py - args: - - -j - - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{ else }} - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-gen-passphrase - command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /distcenter/data - resources: - limits: - cpu: 1 - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/entrypoint.sh"] - workingDir: /distcenter - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /distcenter/data - resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml deleted file mode 100644 index bf0ef74be2..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} -{{ include "common.PV" . }} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml deleted file mode 100644 index a13b7f353b..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.distcenter.enabled -}} -{{ include "common.PVC" . }} -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml deleted file mode 100644 index 94791be713..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/distcenter:4.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: sshsm/distcenter/data - -ingress: - enabled: false - -# Configure resource requests and limits -flavor: small -resources: - small: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml deleted file mode 100644 index b64e0c331a..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Trusted Platform Module Test CA Service -name: aaf-sshsm-testca -version: 6.0.0 diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml deleted file mode 100644 index a64f483d74..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml +++ /dev/null @@ -1,131 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.testca.enabled -}} - -apiVersion: batch/v1 -kind: Job -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - restartPolicy: Never - initContainers: - - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-distcenter-ready - command: - - /root/job_complete.py - args: - - -j - - "{{ include "common.release" . }}-aaf-sshsm-distcenter" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- if .Values.global.tpm.enabled }} - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-abrmd-ready - command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] - workingDir: /testca/bin - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumeMounts: - - name: {{ include "common.fullname" . }}-dbus - mountPath: /var/run/dbus - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end }} - containers: - - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - name: {{ include "common.name" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["./import.sh"] - workingDir: /testca/bin - env: -{{- if .Values.global.tpm.enabled }} - - name: TPM_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: DATA_FOLDER - value: /testca/data/host_$(TPM_NODE_NAME) -{{ else }} - - name: DATA_FOLDER - value: /testca/data -{{- end }} - - name: SECRETS_FOLDER - value: /testca/secrets - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /testca/data - - name: {{ include "common.fullname" . }}-dbus - mountPath: /var/run/dbus - - name: {{ include "common.fullname" . }}-secrets - mountPath: /testca/secrets - readOnly: true - resources: {{ include "common.resources" . | nindent 10 }} - nodeSelector: - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.global.tpm.enabled }} - {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm - - name: {{ include "common.fullname" . }}-dbus - persistentVolumeClaim: - claimName: {{ include "common.release" . }}-aaf-sshsm-dbus - - name: {{ include "common.fullname" . }}-secrets - secret: - secretName: {{ include "common.release" . }}-aaf-sshsm - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - -{{- end -}} diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml deleted file mode 100644 index dd04c93bd7..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# - -enabled: true - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/aaf/testcaservice:4.0.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -# Configure resource requests and limits -flavor: small -resources: - small: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml b/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml deleted file mode 100644 index 0704a2c9df..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd deleted file mode 100644 index 640b325898..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd +++ /dev/null @@ -1 +0,0 @@ -cHJpbWFyeXBhc3N3b3JkCg== diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle deleted file mode 100644 index b8b9d8ddb0..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle +++ /dev/null @@ -1 +0,0 @@ -MHg4MTAwMDAyMwo= diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml deleted file mode 100644 index b566b11458..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml deleted file mode 100644 index b3e7f9fabd..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml deleted file mode 100644 index b8971cc03c..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml deleted file mode 100644 index 7297d6f81d..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml deleted file mode 100644 index 50b6f36cd3..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ (.Files.Glob "resources/config/*").AsSecrets | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml deleted file mode 100644 index 5600213e11..0000000000 --- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - tpm: - enabled: false - # if enabled, nodeselector will use the below - # values in the nodeselector section of the pod - nodeLabel: "tpm-node" - nodeLabelValue: "true" - abrmd: - enabled: true - distcenter: - enabled: true - testca: - enabled: true - persistence: {} - -persistence: - enabled: true - data: - enabled: true - size: 10Mi - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountSubPath: sshsm/data - dbus: - enabled: true - size: 10Mi - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountSubPath: sshsm/dbus - - - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - large: - limits: - cpu: 400m - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - unlimited: {} diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile new file mode 100644 index 0000000000..2fc0cbe4ab --- /dev/null +++ b/kubernetes/aaf/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/aaf/components/aaf-cass/.helmignore b/kubernetes/aaf/components/aaf-cass/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-cass/Chart.yaml b/kubernetes/aaf/components/aaf-cass/Chart.yaml new file mode 100644 index 0000000000..42b4076689 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF cassandra +name: aaf-cass +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml new file mode 100644 index 0000000000..309a9f38c6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -0,0 +1,113 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R 1000:1000 /opt/app/aaf/status + chown -R 1000:1000 /var/lib/cassandra + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /var/lib/cassandra + name: aaf-cass-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 30m + memory: 100Mi + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well + command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: CASSANDRA_CLUSTER_NAME + value: {{ .Values.config.cluster_name }} + - name: CASSANDRA_DC + value: {{ .Values.config.dc }} + - name: CQLSH + value: "/opt/cassandra/bin/cqlsh" + - name: HEAP_NEWSIZE + value: {{ .Values.config.heap_new_size }} + - name: MAX_HEAP_SIZE + value: {{ .Values.config.max_heap_size }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - mountPath: /var/lib/cassandra + name: aaf-cass-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: tcp-cql + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: tcp-cql + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-cass-vol + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-cass/templates/pv.yaml b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml new file mode 100644 index 0000000000..187e9b75de --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" . }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml new file mode 100644 index 0000000000..e56c98751c --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" . }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/service.yaml b/kubernetes/aaf/components/aaf-cass/templates/service.yaml new file mode 100644 index 0000000000..8f80ee12a2 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml new file mode 100644 index 0000000000..c5e5811fd1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/values.yaml @@ -0,0 +1,109 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application configuration +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: tcp-cql + +image: onap/aaf/aaf_cass:2.1.23 + +config: + cluster_name: osaaf + heap_new_size: 512M + max_heap_size: 1024M + dc: dc1 + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + +service: + name: aaf-cass + type: ClusterIP + ports: + - name: tcp-intra + port: 7000 + - name: tls + port: 7001 + - name: tcp-cql + port: 9042 + - name: tcp-thrift + port: 9160 + +ingress: + enabled: false + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 2100m + memory: 1792Mi + requests: + cpu: 30m + memory: 1280Mi + large: + limits: + cpu: 4 + memory: 12000Mi + requests: + cpu: 40m + memory: 9000Mi + unlimited: {} + +persistence: + enabled: true + #existingClaim: + mountPath: /dockerdata-nfs + mountSubPath: "cass" + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 20Gi diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/aaf/components/aaf-cert-service/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml new file mode 100644 index 0000000000..525b2ac4b6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Cert Service +name: aaf-cert-service +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks new file mode 100644 index 0000000000..f24908c55d Binary files /dev/null and b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks differ diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks new file mode 100644 index 0000000000..89605b6b7a Binary files /dev/null and b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks differ diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 new file mode 100644 index 0000000000..2106c817ef Binary files /dev/null and b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 differ diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json new file mode 100644 index 0000000000..358f2a82c7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json @@ -0,0 +1,3 @@ +{ + "cmpv2Servers": [] +} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt new file mode 100644 index 0000000000..faeee81357 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ +TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV +BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv +b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE +BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw +EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD +Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu +rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU +IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy +3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z +okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV +Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL +fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV +tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u +vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99 +2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI +bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ +ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN +lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D +ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL +hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT +Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg +r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43 +tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb ++oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI +aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9 +vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j +uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH +wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q== +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json new file mode 100644 index 0000000000..06e1087f60 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json @@ -0,0 +1,24 @@ +{ + "cmpv2Servers": [ + { + "caName": "CLIENT", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", + "issuerDN": "CN=ManagementCA", + "caMode": "CLIENT", + "authentication": { + "iak": "${CLIENT_IAK}", + "rv": "${CLIENT_RV}" + } + }, + { + "caName": "RA", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=ManagementCA", + "caMode": "RA", + "authentication": { + "iak": "${RA_IAK}", + "rv": "${RA_RV}" + } + } + ] +} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks new file mode 100644 index 0000000000..c32d37fd9d Binary files /dev/null and b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks differ diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml new file mode 100644 index 0000000000..76e610f169 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml @@ -0,0 +1,123 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: +{{- if .Values.global.addTestingComponents }} + - name: cmp-servers-template-volume + secret: + secretName: {{ .Values.cmpServers.secret.name }} + - name: {{ .Values.cmpServers.volume.name }} + emptyDir: + medium: Memory +{{- else }} + - name: {{ .Values.cmpServers.volume.name }} + secret: + secretName: {{ .Values.cmpServers.secret.name }} +{{- end }} + - name: {{ .Values.tls.server.volume.name }} + secret: + secretName: {{ .Values.tls.server.secret.name }} +{{- if .Values.global.addTestingComponents }} + initContainers: + - name: wait-for-ejbca + command: + - /root/ready.py + args: + - --container-name + - ejbca-ejbca + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - name: subsitute-envs + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] + volumeMounts: + - name: cmp-servers-template-volume + mountPath: /config-input + readOnly: true + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + env: + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }} + - name: CLIENT_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }} + - name: RA_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }} +{{- end }} + containers: + - name: {{ include "common.name" . }} + image: {{ .Values.repository }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: HTTPS_PORT + value: "{{ .Values.envs.httpsPort }}" + - name: KEYSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}" + - name: KEYSTORE_P12_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}" + - name: TRUSTSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}" + - name: ROOT_CERT + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}" + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }} + livenessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.liveness.command }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.readiness.command }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + - name: {{ .Values.tls.server.volume.name }} + mountPath: {{ .Values.tls.server.volume.mountPath }} + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} +{{ end -}} diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml new file mode 100644 index 0000000000..ac92f56487 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml @@ -0,0 +1,56 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +{{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.cmpServers.secret.name }} +type: Opaque +data: +{{ if .Values.global.addTestingComponents }} + {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }} +{{ else }} + {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }} +{{ end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} +type: Opaque +data: + certServiceClient-keystore.jks: + {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tls.server.secret.name }} +type: Opaque +data: + certServiceServer-keystore.jks: + {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }} + certServiceServer-keystore.p12: + {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} + root.crt: + {{ (.Files.Glob "resources/root.crt").AsSecrets }} +{{ end -}} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml new file mode 100644 index 0000000000..60e2afa41d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.global.cmpv2Enabled }} + {{ include "common.service" . }} +{{ end -}} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/aaf/components/aaf-cert-service/values.yaml new file mode 100644 index 0000000000..17b0b758cd --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/values.yaml @@ -0,0 +1,160 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + envsubstImage: dibi/envsubst + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + +# Service configuration +service: + type: ClusterIP + ports: + - name: http + port: 8443 + port_protocol: http + + +# Deployment configuration +repository: nexus3.onap.org:10001 +image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 +pullPolicy: Always +replicaCount: 1 + +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD +readiness: + initialDelaySeconds: 30 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD + +flavor: small +resources: + small: + limits: + cpu: 0.5 + memory: 1Gi + requests: + cpu: 0.2 + memory: 512Mi + large: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 0.4 + memory: 1Gi + unlimited: {} + + +# Application configuration +cmpServers: + secret: + name: aaf-cert-service-secret + volume: + name: aaf-cert-service-volume + mountPath: /etc/onap/aaf/certservice + +tls: + server: + secret: + name: aaf-cert-service-server-tls-secret + volume: + name: aaf-cert-service-server-tls-volume + mountPath: /etc/onap/aaf/certservice/certs/ + client: + secret: + defaultName: aaf-cert-service-client-tls-secret + +envs: + keystore: + jksName: certServiceServer-keystore.jks + p12Name: certServiceServer-keystore.p12 + truststore: + jksName: truststore.jks + crtName: root.crt + httpsPort: 8443 + +# External secrets with credentials can be provided to override default credentials defined below, +# by uncommenting and filling appropriate *ExternalSecret value +credentials: + tls: + keystorePassword: secret + truststorePassword: secret + #keystorePasswordExternalSecret: + #truststorePasswordExternalSecret: + # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled + cmp: + #clientIakExternalSecret: + #clientRvExternalSecret: + #raIakExternalSecret: + #raRvExternalSecret: + client: {} + # iak: mypassword + # rv: unused + ra: {} + # iak: mypassword + # rv: unused + +secrets: + - uid: keystore-password + name: '{{ include "common.release" . }}-keystore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.keystorePassword }}' + passwordPolicy: required + - uid: truststore-password + name: '{{ include "common.release" . }}-truststore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.truststorePassword }}' + passwordPolicy: required + # Below values are relevant only if global addTestingComponents flag is enabled + - uid: ejbca-server-client-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.iak }}' + - uid: cmp-config-client-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.rv }}' + - uid: ejbca-server-ra-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.iak }}' + - uid: cmp-config-ra-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.rv }}' diff --git a/kubernetes/aaf/components/aaf-cm/.helmignore b/kubernetes/aaf/components/aaf-cm/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-cm/Chart.yaml b/kubernetes/aaf/components/aaf-cm/Chart.yaml new file mode 100644 index 0000000000..ed453f7ac7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Certificate Manager +name: aaf-cm +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-cm/templates/service.yaml b/kubernetes/aaf/components/aaf-cm/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml new file mode 100644 index 0000000000..0997c7db41 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/values.yaml @@ -0,0 +1,106 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image +replicaCount: 1 + +binary: cm + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-cm + type: ClusterIP + ports: + - name: api + protocol: http + port: 8150 + +ingress: + enabled: false + service: + - baseaddr: "aafcm" + name: "aaf-cm" + port: 8150 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 400m + memory: 300Mi + requests: + cpu: 1m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 600Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-fs/.helmignore b/kubernetes/aaf/components/aaf-fs/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-fs/Chart.yaml b/kubernetes/aaf/components/aaf-fs/Chart.yaml new file mode 100644 index 0000000000..211c4c28de --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF File Server +name: aaf-fs +version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml new file mode 100644 index 0000000000..c36750809c --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-fs/templates/service.yaml b/kubernetes/aaf/components/aaf-fs/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml new file mode 100644 index 0000000000..9bffb95724 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/values.yaml @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image +pullPolicy: Always + +replicaCount: 1 + +binary: fs + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-fs + type: ClusterIP + ports: + - name: api + port: 8096 + protocol: http + +ingress: + enabled: false + service: + - baseaddr: "aaffs" + name: "aaf-fs" + port: 8096 + config: + ssl: "none" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 110Mi + requests: + cpu: 1m + memory: 80Mi + large: + limits: + cpu: 500m + memory: 700Mi + requests: + cpu: 100m + memory: 400Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-gui/.helmignore b/kubernetes/aaf/components/aaf-gui/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-gui/Chart.yaml b/kubernetes/aaf/components/aaf-gui/Chart.yaml new file mode 100644 index 0000000000..7e81a70759 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF GUI +name: aaf-gui +version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml new file mode 100644 index 0000000000..c36750809c --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-gui/templates/service.yaml b/kubernetes/aaf/components/aaf-gui/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml new file mode 100644 index 0000000000..8639d6c0f0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/values.yaml @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + +flavor: small +################################################################# +# Application configuration defaults. +################################################################# +# application image +pullPolicy: Always + +replicaCount: 1 + +binary: gui + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: gui + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: gui + +service: + name: aaf-gui + type: NodePort + ports: + - name: gui + protocol: http + port: 8200 + nodePort: 51 + +ingress: + enabled: false + service: + - baseaddr: "aafgui" + name: "aaf-gui" + port: 8200 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 280Mi + requests: + cpu: 1m + memory: 170Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 100m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-hello/.helmignore b/kubernetes/aaf/components/aaf-hello/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-hello/Chart.yaml b/kubernetes/aaf/components/aaf-hello/Chart.yaml new file mode 100644 index 0000000000..71b3242558 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Hello +name: aaf-hello +version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt new file mode 100644 index 0000000000..ef4d8e7d23 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt @@ -0,0 +1,14 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + diff --git a/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml new file mode 100644 index 0000000000..891b829f43 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml @@ -0,0 +1,60 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} +# CONTAINER Definition + containers: + - name: {{ include "common.name" . }} + command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"] + image: {{ .Values.global.repository }}/{{.Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-hello/templates/secret.yaml b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/components/aaf-hello/templates/service.yaml b/kubernetes/aaf/components/aaf-hello/templates/service.yaml new file mode 100644 index 0000000000..8f80ee12a2 --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-hello/values.yaml b/kubernetes/aaf/components/aaf-hello/values.yaml new file mode 100644 index 0000000000..df3abec67c --- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/values.yaml @@ -0,0 +1,105 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + aafEnabled: true + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image +aaf_init: + # You might want this in your own app. For AAF, we store in global + # replicas: 1 + fqi: aaf@aaf.osaaf.org +# This MUST match what is put in AAF's "Artifact" for Certificates + fqdn: aaf-hello +# What is put in Locator for External Access + public_fqdn: aaf.osaaf.org + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds + permission_user: 1000 + permission_group: 999 + +replicaCount: 0 + +image: onap/aaf/aaf_hello:2.1.23 + +service: + name: aaf-hello + type: ClusterIP + ports: + - name: api + protocol: http + port: 8130 + +nodeSelector: {} + +affinity: {} + +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.aafDeployFqi }}' + password: '{{ .Values.aaf_init.aafDeployPass }}' + passwordPolicy: required + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +ingress: + enabled: false + service: + - baseaddr: "aafhello" + name: "aaf-hello" + port: 8130 + config: + ssl: "none" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 10m + memory: 200Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 20m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-locate/.helmignore b/kubernetes/aaf/components/aaf-locate/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-locate/Chart.yaml b/kubernetes/aaf/components/aaf-locate/Chart.yaml new file mode 100644 index 0000000000..3133191280 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Locate +name: aaf-locate +version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml new file mode 100644 index 0000000000..1b33c1f8d1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml @@ -0,0 +1,2 @@ + +{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/components/aaf-locate/templates/service.yaml b/kubernetes/aaf/components/aaf-locate/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml new file mode 100644 index 0000000000..7bcf10dabb --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/values.yaml @@ -0,0 +1,104 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small +################################################################# +# Application configuration defaults. +################################################################# +# application image +replicaCount: 1 + +binary: locate + +sequence_order: + - service + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-locate + type: ClusterIP + ports: + - name: api + protocol: http + port: 8095 + +ingress: + enabled: false + service: + - baseaddr: "aaflocate" + name: "aaf-locate" + port: 8095 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 500m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 500Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-oauth/.helmignore b/kubernetes/aaf/components/aaf-oauth/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-oauth/Chart.yaml b/kubernetes/aaf/components/aaf-oauth/Chart.yaml new file mode 100644 index 0000000000..a64a17c7b1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF OAuth +name: aaf-oauth +version: 6.0.0 \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt new file mode 100644 index 0000000000..bd74a42cd5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml new file mode 100644 index 0000000000..1b33c1f8d1 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml @@ -0,0 +1,2 @@ + +{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/templates/service.yaml b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml new file mode 100644 index 0000000000..8771041778 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/values.yaml @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +replicaCount: 1 + +binary: oauth + +sequence_order: + - service + - locate + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-oauth + type: ClusterIP + ports: + - name: api + protocol: http + port: 8140 + +ingress: + enabled: false + service: + - baseaddr: "aafoauth" + name: "aaf-oauth" + port: 8140 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 320Mi + requests: + cpu: 1m + memory: 210Mi + large: + limits: + cpu: 400m + memory: 600Mi + requests: + cpu: 40m + memory: 200Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-service/.helmignore b/kubernetes/aaf/components/aaf-service/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/components/aaf-service/Chart.yaml b/kubernetes/aaf/components/aaf-service/Chart.yaml new file mode 100644 index 0000000000..187e33ac6f --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Service +name: aaf-service +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/components/aaf-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml new file mode 100644 index 0000000000..5074c8bc08 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "aaf.deployment" . }} diff --git a/kubernetes/aaf/components/aaf-service/templates/ingress.yaml b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml new file mode 100644 index 0000000000..40b4bba0ce --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml @@ -0,0 +1,4 @@ + +{{ include "common.ingress" . }} + + diff --git a/kubernetes/aaf/components/aaf-service/templates/service.yaml b/kubernetes/aaf/components/aaf-service/templates/service.yaml new file mode 100644 index 0000000000..e54c4f3057 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Orange +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/aaf/components/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml new file mode 100644 index 0000000000..d924bb4f54 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/values.yaml @@ -0,0 +1,106 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + +flavor: small + +################################################################# +# Application configuration defaults. +################################################################# +# application image + +replicaCount: 1 + +binary: service + +sequence_order: + - cass + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: api + +readiness: + initialDelaySeconds: 5 + periodSeconds: 10 + port: api + +service: + name: aaf-service + type: ClusterIP + ports: + - name: api + port: 8100 + protocol: http + +ingress: + enabled: false + service: + - baseaddr: "aafservice" + name: "aaf-service" + port: 8100 + config: + ssl: "redirect" + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 250m + memory: 360Mi + requests: + cpu: 10m + memory: 250Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 40m + memory: 300Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/Chart.yaml b/kubernetes/aaf/components/aaf-sms/Chart.yaml new file mode 100644 index 0000000000..557894f456 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Secret Management Service +name: aaf-sms +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml new file mode 100644 index 0000000000..2dc3d49b66 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Secret Management Service Quorum Client +name: aaf-sms-quorumclient +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json new file mode 100644 index 0000000000..3a43f00019 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json @@ -0,0 +1,7 @@ +{ + "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443", + "cafile": "/quorumclient/certs/aaf_root_ca.cer", + "clientcert":"client.cert", + "clientkey":"client.key", + "timeout":"10s" +} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml new file mode 100644 index 0000000000..02f1080f29 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml new file mode 100644 index 0000000000..d855ae6fdf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) }} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" $global }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml new file mode 100644 index 0000000000..1c6cc933f5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml @@ -0,0 +1,107 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- if .Values.persistence.enabled }} + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /quorumclient/auth + chown -R 100:1000 /quorumclient/auth + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /quorumclient/auth + name: {{ include "common.fullname" . }}-data +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/quorumclient/bin/quorumclient"] + workingDir: /quorumclient/ + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /quorumclient/config.json + name: {{ include "common.name" .}} + subPath: config.json +{{- if .Values.persistence.enabled }} + - mountPath: /quorumclient/auth + name: {{ include "common.fullname" . }}-data +{{- end }} + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + items: + - key: config.json + path: config.json + mode: 0755 +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml new file mode 100644 index 0000000000..1459624536 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml @@ -0,0 +1,71 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/smsquorumclient:4.0.2 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 3 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sms/quorum/data + +ingress: + enabled: false + +flavor: small + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 1m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 700Mi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml new file mode 100644 index 0000000000..074958ff70 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart to launch Vault as SMS backend +name: aaf-sms-vault +appVersion: 0.9.5 +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml new file mode 100644 index 0000000000..2c70c23e03 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-vault + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + config.json: | + {{ .Values.config.vault | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-consul + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + config.json: | + {{ .Values.config.consul | toJson }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml new file mode 100644 index 0000000000..d855ae6fdf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml @@ -0,0 +1,45 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- $global := . }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if eq "True" (include "common.needPV" .) }} +{{- range $i := until (int $global.Values.replicaCount)}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" $global }}-data-{{ $i }} + namespace: {{ include "common.namespace" $global }} + labels: + app: {{ include "common.name" $global }} + chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" $global }}" + heritage: "{{ $global.Release.Service }}" + name: {{ include "common.fullname" $global }} +spec: + capacity: + storage: {{ $global.Values.persistence.size}} + accessModes: + - {{ $global.Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $global }}-data" + hostPath: + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} +{{if ne $i (int $global.Values.replicaCount) }} +--- +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml new file mode 100644 index 0000000000..a3a7591b02 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.portName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml new file mode 100644 index 0000000000..4023106091 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml @@ -0,0 +1,115 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: +{{- if .Values.persistence.enabled }} + initContainers: + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /consul/data + chown -R 100:1000 /consul/data + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /consul/data + name: {{ include "common.fullname" . }}-data +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: ["server"] + ports: + - containerPort: {{ .Values.service.internalPort }} + volumeMounts: + - mountPath: /vault/config/config.json + name: {{ include "common.fullname" . }}-vault + subPath: config.json + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ include "common.resources" . | indent 10 }} + - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}" + name: {{ include "common.name" . }}-backend + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"] + ports: + - name: http + containerPort: 8500 + volumeMounts: +{{- if .Values.persistence.enabled }} + - mountPath: /consul/data + name: {{ include "common.fullname" . }}-data +{{- end }} + - mountPath: /consul/config/config.json + name: {{ include "common.fullname" . }}-consulconfiguration + subPath: config.json + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: +{{ include "common.resources" . | indent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-consulconfiguration + configMap: + name: {{ include "common.fullname" . }}-consul + - name: {{ include "common.fullname" . }}-vault + configMap: + name: {{ include "common.fullname" . }}-vault + - name: localtime + hostPath: + path: /etc/localtime + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ include "common.fullname" . }}-data + labels: + name: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml new file mode 100644 index 0000000000..7787f0b85d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml @@ -0,0 +1,111 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +# application image +repository: nexus3.onap.org:10001 +image: + consul: library/consul:1.7.1 + vault: library/vault:1.3.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +################################################################# +# Application configuration defaults. +################################################################# +config: + consul: + server: true + log_level: INFO + server: true + data_dir: '/consul/data' + ports: + http: 8500 + https: -1 + + vault: + storage: + consul: + address: localhost:8500 + path: smsvault + listener: + tcp: + address: '[::]:8200' + tls_disable: true + disable_mlock: true + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: sms/consul/data + +service: + type: ClusterIP + name: aaf-sms-db + portName: aaf-sms-db + internalPort: 8200 + externalPort: 8200 + +ingress: + enabled: false + +flavor: small + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 40m + memory: 40Mi + requests: + cpu: 10m + memory: 25Mi + large: + limits: + cpu: 400m + memory: 700Mi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml new file mode 100644 index 0000000000..7152c37ff0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..7939846bf0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json new file mode 100644 index 0000000000..679b5189de --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json @@ -0,0 +1,44 @@ +{ + "domain": { + "name": "has", + "secrets": [ + { + "name": "aai", + "values": { + "username": "${AAI_USER}", + "password": "${AAI_PASS}" + } + }, + { + "name": "conductor_api", + "values": { + "username": "${CONDUCTOR_USER}", + "password": "${CONDUCTOR_PASS}" + } + }, + { + "name": "sdnc", + "values": { + "username": "${SDNC_USER}", + "password": "${SDNC_PASS}" + } + }, + { + "name": "music_api", + "values": { + "aafuser": "${MUSIC_USER}", + "aafpass": "${MUSIC_PASS}", + "aafns": "conductor" + } + }, + { + "name": "aaf_api", + "values": { + "username": "${AAF_USER}", + "password": "${AAF_PASS}", + "aaf_conductor_user": "oof@oof.onap.org" + } + } + ] + } +} diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json new file mode 100644 index 0000000000..add0808701 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json @@ -0,0 +1,105 @@ +{ + "domain": { + "name": "osdf", + "secrets": [ + { + "name": "so", + "values": { + "UserName": "${SO_USER}", + "Password": "${SO_PASS}" + } + }, + { + "name": "conductor", + "values": { + "UserName": "${CONDUCTOR_USER}", + "Password": "${CONDUCTOR_PASS}" + } + }, + { + "name": "policyPlatform", + "values": { + "UserName": "${POLICY_PLAT_USER}", + "Password": "${POLICY_PLAT_PASS}" + } + }, + { + "name": "policyClient", + "values": { + "UserName": "${POLICY_CLI_USER}", + "Password": "${POLICY_CLI_PASS}" + } + }, + { + "name": "dmaap", + "values": { + "UserName": "NA", + "Password": "NA" + } + }, + { + "name": "sdc", + "values": { + "UserName": "NA", + "Password": "NA" + } + }, + { + "name": "osdfPlacement", + "values": { + "UserName": "${OSDF_PLACEMENT_USER}", + "Password": "${OSDF_PLACEMENT_PASS}" + } + }, + { + "name": "osdfPlacementSO", + "values": { + "UserName": "${OSDF_PLACEMENT_SO_USER}", + "Password": "${OSDF_PLACEMENT_SO_PASS}" + } + }, + { + "name": "osdfPlacementVFC", + "values": { + "UserName": "${OSDF_PLACEMENT_VFC_USER}", + "Password": "${OSDF_PLACEMENT_VFC_PASS}" + } + }, + { + "name": "osdfCMScheduler", + "values": { + "UserName": "${OSDF_CM_SCHEDULER_USER}", + "Password": "${OSDF_CM_SCHEDULER_PASS}" + } + }, + { + "name": "configDb", + "values": { + "UserName": "${CONFIG_DB_USER}", + "Password": "${CONFIG_DB_PASS}" + } + }, + { + "name": "pciHMS", + "values": { + "UserName": "", + "Password": "" + } + }, + { + "name": "osdfPCIOpt", + "values": { + "UserName": "${OSDF_PCI_OPT_USER}", + "Password": "${OSDF_PCI_OPT_PASS}" + } + }, + { + "name": "osdfOptEngine", + "values": { + "UserName": "${OSDF_OPT_ENGINE_USER}", + "Password": "${OSDF_OPT_ENGINE_PASS}" + } + } + ] + } +} diff --git a/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml new file mode 100644 index 0000000000..a74fe277b7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + smsconfig.json: | + {{ .Values.config | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-preload + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-preload + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml new file mode 100644 index 0000000000..bb409f33c5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml @@ -0,0 +1,144 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} + # Currently intermediate certificate is not given by AAF CM so we need + # to give it "by hand" + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-add-intermediate-cert + command: + - /bin/sh + args: + - -c + - | + cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + - mountPath: /int-certs + name: {{ include "common.fullname" . }}-int-certs + readOnly: true + {{- end }} + - name: {{ include "common.fullname" . }}-fix-permission + command: + - /bin/sh + args: + - -c + - | + chmod -R 775 /sms/auth + chown -R 1000:1000 /sms/auth + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /sms/auth + name: {{ include "common.fullname" . }}-auth + - name: {{ include "common.name" . }}-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - "aaf-sms-vault" + - --container-name + - "aaf-sms-vault-backend" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + command: ["/sms/bin/sms"] + workingDir: /sms/ + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + port: {{ .Values.service.internalPort }} + scheme: HTTPS + path: /v1/sms/quorum/status + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + port: {{ .Values.service.internalPort }} + scheme: HTTPS + path: /v1/sms/quorum/status + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /sms/smsconfig.json + name: {{ include "common.name" .}} + subPath: smsconfig.json + - mountPath: /sms/auth + name: {{ include "common.fullname" . }}-auth + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + - name : {{ include "common.name" . }} + configMap: + name: {{ include "common.fullname" . }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-int-certs + secret: + secretName: {{ include "common.fullname" . }}-int-certs + {{- end }} + - name: {{ include "common.fullname" . }}-auth + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml new file mode 100644 index 0000000000..315d068676 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -0,0 +1,202 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-preload + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - "export AAI_PASS=${AAI_PASS_PLAIN}; + export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN}; + export SDNC_PASS=${SDNC_PASS_PLAIN}; + export MUSIC_PASS=${MUSIC_PASS_PLAIN}; + export AAF_PASS=${AAF_PASS_PLAIN}; + export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN}; + export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN}; + export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN}; + export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN}; + export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN}; + export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN}; + export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN}; + export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; + export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; + export SO_PASS=${SO_PASS_PLAIN}; + cd /config-input; + for PFILE in `find . -not -type d | grep -v -F ..`; do + envsubst <${PFILE} >/config/${PFILE}; + done" + env: + - name: AAI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }} + - name: AAI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }} + + - name: CONDUCTOR_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }} + - name: CONDUCTOR_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }} + + - name: SDNC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }} + - name: SDNC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }} + + - name: MUSIC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }} + - name: MUSIC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }} + + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }} + - name: AAF_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }} + + - name: POLICY_PLAT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }} + - name: POLICY_PLAT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }} + + - name: POLICY_CLI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }} + - name: POLICY_CLI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_VFC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_VFC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }} + + - name: OSDF_CM_SCHEDULER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }} + - name: OSDF_CM_SCHEDULER_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }} + + - name: CONFIG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }} + - name: CONFIG_DB_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }} + + - name: OSDF_PCI_OPT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }} + - name: OSDF_PCI_OPT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }} + + - name: OSDF_OPT_ENGINE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }} + - name: OSDF_OPT_ENGINE_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }} + + - name: SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "login") | indent 10 }} + - name: SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }} + + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-preload-input + - mountPath: /config/ + name: {{ include "common.name" . }}-preload + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - "aaf-sms" + - --container-name + - "aaf-sms-quorumclient" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-preload + command: + - "/sms/bin/preload" + - "-cacert" + - "{{ .Values.certInitializer.mountPath }}/local/{{ .Values.certInitializer.root_ca_name }}" + - "-jsondir" + - "/preload/config" + - "-serviceport" + - "{{ .Values.service.internalPort }}" + - "-serviceurl" + - "https://aaf-sms.{{ include "common.namespace" . }}" + workingDir: /sms + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /preload/config + name: {{ include "common.name" . }}-preload + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.name" . }}-preload-input + configMap: + name: {{ include "common.fullname" . }}-preload + - name: {{ include "common.name" . }}-preload + emptyDir: + medium: Memory + restartPolicy: OnFailure + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-sms/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml new file mode 100644 index 0000000000..d06131feb5 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) }} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ include "common.release" . }} + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml new file mode 100644 index 0000000000..c46d50607c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + storageClassName: {{ include "common.storageClass" . }} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sms/templates/secret.yaml b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..7a0213f16c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml @@ -0,0 +1,32 @@ +{{/* +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} +--- +{{- if .Values.global.aafEnabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-int-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-sms/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/templates/service.yaml new file mode 100644 index 0000000000..9c94202fe3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/service.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.PortName }} + {{if eq .Values.service.type "NodePort" -}} + port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} + {{- else -}} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- end}} + protocol: TCP + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml new file mode 100644 index 0000000000..dccf57ca96 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -0,0 +1,257 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + persistence: {} + envsubstImage: dibi/envsubst + aafEnabled: true + +flavor: small + +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: aaf-sms-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aaf-sms + fqi: aaf-sms@aaf-sms.onap.org + public_fqdn: aaf-sms.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + mountPath: /opt/app/osaaf + keystore: truststoreONAPall.jks + keystore_pass: changeit + root_ca_alias: onaptestca + root_ca_name: aaf_root_ca.cer + permission_user: 1000 + permission_group: 1000 + aaf_add_config: > + cd {{ .Values.mountPath }}/local; + keytool -exportcert -rfc -file {{ .Values.root_ca_name }} -keystore {{ .Values.keystore }} + -alias {{ .Values.root_ca_alias }} -storepass {{ .Values.keystore_pass }}; + chown -R {{.Values.permission_user}}:{{.Values.permission_group}} + {{ .Values.mountPath }}; + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/sms:4.0.2 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +config: + smsdbaddress: "http://aaf-sms-db:8200" + cafile: "/opt/app/osaaf/local/aaf_root_ca.cer" + servercert: "/opt/app/osaaf/local/org.onap.aaf-sms.crt" + serverkey: "/opt/app/osaaf/local/org.onap.aaf-sms.key" + password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==" + +# subchart configuration +vault: + nameOverride: smsdb + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 30 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 30 + +service: + type: ClusterIP + name: aaf-sms + portName: aaf-sms + internalPort: 10443 + externalPort: 10443 + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 1Gi + mountPath: /dockerdata-nfs + mountSubPath: sms/auth + +ingress: + enabled: false + +secrets: + - uid: aai-creds + type: basicAuth + login: '{{ .Values.oofCreds.aaiUsername }}' + password: '{{ .Values.oofCreds.aaiPassword }}' + passwordPolicy: required + - uid: conductor-creds + type: basicAuth + login: '{{ .Values.oofCreds.conductorUsername }}' + password: '{{ .Values.oofCreds.conductorPassword }}' + passwordPolicy: required + - uid: sdnc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdncUsername }}' + password: '{{ .Values.oofCreds.sdncPassword }}' + passwordPolicy: required + - uid: music-creds + type: basicAuth + login: '{{ .Values.oofCreds.musicUsername }}' + password: '{{ .Values.oofCreds.musicPassword }}' + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + login: '{{ .Values.oofCreds.aafUsername }}' + password: '{{ .Values.oofCreds.aafPassword }}' + passwordPolicy: required + - uid: policy-plat-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyPlatUsername }}' + password: '{{ .Values.oofCreds.policyPlatPassword }}' + passwordPolicy: required + - uid: policy-cli-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyCliUsername }}' + password: '{{ .Values.oofCreds.policyCliPassword }}' + passwordPolicy: required + - uid: osdf-placement-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementPassword }}' + passwordPolicy: required + - uid: osdf-placement-so-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}' + passwordPolicy: required + - uid: osdf-placement-vfc-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}' + passwordPolicy: required + - uid: osdf-cm-scheduler-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}' + password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}' + passwordPolicy: required + - uid: config-db-creds + type: basicAuth + login: '{{ .Values.oofCreds.configDbUsername }}' + password: '{{ .Values.oofCreds.configDbPassword }}' + passwordPolicy: required + - uid: osdf-pci-opt-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPCIOptUsername }}' + password: '{{ .Values.oofCreds.osdfPCIOptPassword }}' + passwordPolicy: required + - uid: osdf-opt-engine-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfOptEngineUsername }}' + password: '{{ .Values.oofCreds.osdfOptEnginePassword }}' + passwordPolicy: required + - uid: so-creds + type: basicAuth + login: '{{ .Values.oofCreds.soUsername }}' + password: '{{ .Values.oofCreds.soPassword }}' + passwordPolicy: required + +oofCreds: + aaiUsername: oof@oof.onap.org + aaiPassword: demo123456! + + conductorUsername: admin1 + conductorPassword: plan.15 + + sdncUsername: admin + sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + musicUsername: conductor + musicPassword: c0nduct0r + + aafUsername: aaf_admin@people.osaaf.org + aafPassword: demo123456! + + policyPlatUsername: healthcheck + policyPlatPassword: zb!XztG34 + + policyCliUsername: healthcheck + policyCliPassword: zb!XztG34 + + osdfPlacementUsername: test + osdfPlacementPassword: testpwd + + osdfPlacementSOUsername: so_test + osdfPlacementSOPassword: so_testpwd + + osdfPlacementVFCUsername: vfc_test + osdfPlacementVFCPassword: vfc_testpwd + + osdfCMSchedulerUsername: test1 + osdfCMSchedulerPassword: testpwd1 + + configDbUsername: osdf + configDbPassword: passwd + + osdfPCIOptUsername: pci_test + osdfPCIOptPassword: pci_testpwd + + osdfOptEngineUsername: opt_test + osdfOptEnginePassword: opt_testpwd + + soUsername: apihBpmn + soPassword: password1$ + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 100m + memory: 400Mi + requests: + cpu: 25m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 25m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml new file mode 100644 index 0000000000..d39b561905 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Hardware Security Components +name: aaf-sshsm +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/README.md b/kubernetes/aaf/components/aaf-sshsm/README.md new file mode 100644 index 0000000000..a6f2e62cb9 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/README.md @@ -0,0 +1,24 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Helm Chart for ONAP Hardware Security Components + +This includes the following Kubernetes services: + +1. dist-center - A service that is used to create and distribute private keys +2. abrmd - A service that manages access to the TPM device + +# Service Dependencies + +All services depend on AAF \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml new file mode 100644 index 0000000000..499b82caaf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Resource Manager +name: aaf-sshsm-abrmd +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml new file mode 100644 index 0000000000..8d1faf7e32 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml new file mode 100644 index 0000000000..23fe79d716 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -0,0 +1,75 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + backoffLimit: 2 + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/abrmd/bin/initialize_tpm.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + env: + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ABRMD_DATA + value: /abrmd/data + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /abrmd/data + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + mountPath: "/abrmd/cred/" + readOnly: true + resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + resources: {{ include "common.resources" . | nindent 10 }} + volumes: + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-data + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + - name: {{ include "common.fullname" . }}-tpmconfig + secret: + secretName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml new file mode 100644 index 0000000000..c624ccfc4d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml @@ -0,0 +1,89 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-job-complete + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.fullname" . }}-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/abrmd/bin/run_abrmd.sh"] + workingDir: /abrmd/bin + securityContext: + privileged: true + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-tpm-device + mountPath: /dev/tpm0 + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-tpm-device + hostPath: + path: /dev/tpm0 + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml new file mode 100644 index 0000000000..2a733632bf --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml @@ -0,0 +1,60 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/abrmd:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +# TPM specific node selection is done at parent chart aaf-sshsm +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml new file mode 100644 index 0000000000..22ba3da019 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Distribution Center +name: aaf-sshsm-distcenter +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml new file mode 100644 index 0000000000..99176fcdf6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml new file mode 100644 index 0000000000..fb48c7df4a --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml @@ -0,0 +1,106 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + initContainers: +{{- if .Values.global.tpm.enabled }} + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{ else }} + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-gen-passphrase + command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"] + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/entrypoint.sh"] + workingDir: /distcenter + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /distcenter/data + resources: {{ include "common.resources" . | nindent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml new file mode 100644 index 0000000000..bf0ef74be2 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} +{{ include "common.PV" . }} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml new file mode 100644 index 0000000000..a13b7f353b --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.distcenter.enabled -}} +{{ include "common.PVC" . }} +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml new file mode 100644 index 0000000000..94791be713 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml @@ -0,0 +1,69 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/distcenter:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +persistence: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Mi + mountPath: /dockerdata-nfs + mountSubPath: sshsm/distcenter/data + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml new file mode 100644 index 0000000000..b64e0c331a --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Trusted Platform Module Test CA Service +name: aaf-sshsm-testca +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml new file mode 100644 index 0000000000..a64f483d74 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml @@ -0,0 +1,131 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.testca.enabled -}} + +apiVersion: batch/v1 +kind: Job +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + restartPolicy: Never + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-distcenter-ready + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.release" . }}-aaf-sshsm-distcenter" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- if .Values.global.tpm.enabled }} + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-abrmd-ready + command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"] + workingDir: /testca/bin + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + volumeMounts: + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + name: {{ include "common.name" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["./import.sh"] + workingDir: /testca/bin + env: +{{- if .Values.global.tpm.enabled }} + - name: TPM_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DATA_FOLDER + value: /testca/data/host_$(TPM_NODE_NAME) +{{ else }} + - name: DATA_FOLDER + value: /testca/data +{{- end }} + - name: SECRETS_FOLDER + value: /testca/secrets + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: {{ include "common.fullname" . }}-data + mountPath: /testca/data + - name: {{ include "common.fullname" . }}-dbus + mountPath: /var/run/dbus + - name: {{ include "common.fullname" . }}-secrets + mountPath: /testca/secrets + readOnly: true + resources: {{ include "common.resources" . | nindent 10 }} + nodeSelector: + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.global.tpm.enabled }} + {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm + - name: {{ include "common.fullname" . }}-dbus + persistentVolumeClaim: + claimName: {{ include "common.release" . }}-aaf-sshsm-dbus + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.release" . }}-aaf-sshsm + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml new file mode 100644 index 0000000000..dd04c93bd7 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml @@ -0,0 +1,61 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# + +enabled: true + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/aaf/testcaservice:4.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +# Example: +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +ingress: + enabled: false + +# Configure resource requests and limits +flavor: small +resources: + small: + limits: + cpu: 50m + memory: 100Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml new file mode 100644 index 0000000000..0704a2c9df --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd new file mode 100644 index 0000000000..640b325898 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd @@ -0,0 +1 @@ +cHJpbWFyeXBhc3N3b3JkCg== diff --git a/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle new file mode 100644 index 0000000000..b8b9d8ddb0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle @@ -0,0 +1 @@ +MHg4MTAwMDAyMwo= diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml new file mode 100644 index 0000000000..b566b11458 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml new file mode 100644 index 0000000000..b3e7f9fabd --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml new file mode 100644 index 0000000000..b8971cc03c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml new file mode 100644 index 0000000000..7297d6f81d --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }} diff --git a/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml new file mode 100644 index 0000000000..50b6f36cd3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml @@ -0,0 +1,22 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ (.Files.Glob "resources/config/*").AsSecrets | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml new file mode 100644 index 0000000000..30fb0d2f2f --- /dev/null +++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml @@ -0,0 +1,84 @@ +# Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + tpm: + enabled: false + # if enabled, nodeselector will use the below + # values in the nodeselector section of the pod + nodeLabel: "tpm-node" + nodeLabelValue: "true" + abrmd: + enabled: true + distcenter: + enabled: true + testca: + enabled: true + persistence: {} + +persistence: + enabled: true + data: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/data + dbus: + enabled: true + size: 10Mi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: sshsm/dbus + + + +# Configure resource requests and limits +resources: + small: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 400m + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + unlimited: {} diff --git a/kubernetes/aaf/components/aaf-templates/Chart.yaml b/kubernetes/aaf/components/aaf-templates/Chart.yaml new file mode 100644 index 0000000000..c8739e0105 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Orange +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Application Authorization Framework Templates +name: aaf-templates +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-templates/requirements.yaml b/kubernetes/aaf/components/aaf-templates/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl new file mode 100644 index 0000000000..bf6931a8e3 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -0,0 +1,67 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.deployment" -}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: {{ include "aaf.initContainers" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + workingDir: /opt/app/aaf + command: ["bin/{{ .Values.binary }}"] + image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + - mountPath: /etc/localtime + name: localtime + readOnly: true + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{.Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aaf-config-vol + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end -}} diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl new file mode 100644 index 0000000000..43c511fd6d --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -0,0 +1,122 @@ +{*/ +# Copyright © 2020 AT&T, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/} + +{{- define "aaf.permissionFixer" -}} +- name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R 1000:1000 /opt/app/aaf + chown -R 1000:1000 /opt/app/osaaf + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/osaaf + name: aaf-config-vol + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.podConfiguration" }} +- name: {{ include "common.name" . }}-config-container + image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + args: + - -c + - | + cd /opt/app/aaf_config + bin/agent.sh + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: aaf-config-vol + env: + - name: aaf_env + value: "{{ .Values.global.aaf.aaf_env }}" + - name: cadi_latitude + value: "{{ .Values.global.aaf.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.global.aaf.cadi_longitude }}" + - name: cadi_x509_issuers + value: "{{ .Values.global.aaf.cadi_x509_issuers }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_release + value: "{{ .Values.global.aaf.aaf_release }}" + - name: aaf_locator_container_ns + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: aaf_locator_public_fqdn + value: "{{.Values.global.aaf.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.global.aaf.aaf_locator_name}}" + - name: aaf_locator_name_oom + value: "{{.Values.global.aaf.aaf_locator_name_oom}}" + - name: cm_always_ignore_ips + value: "true" + - name: CASSANDRA_CLUSTER + value: "aaf-cass.{{ .Release.Namespace }}" + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end -}} + +{{- define "aaf.initContainers" -}} +initContainers: +{{ include "aaf.permissionFixer" . }} +{{- if .Values.sequence_order }} +- name: {{ include "common.name" . }}-aaf-readiness + command: + - /root/ready.py + args: + {{- range $container := .Values.sequence_order }} + - --container-name + - aaf-{{ $container}} + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi +{{- end }} +{{ include "aaf.podConfiguration" . }} +{{- end }} diff --git a/kubernetes/aaf/components/aaf-templates/values.yaml b/kubernetes/aaf/components/aaf-templates/values.yaml new file mode 100644 index 0000000000..73efdc6132 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/values.yaml @@ -0,0 +1,13 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml index 6a61926e9e..ccbe14c7a3 100644 --- a/kubernetes/aaf/requirements.yaml +++ b/kubernetes/aaf/requirements.yaml @@ -1,4 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +15,36 @@ # limitations under the License. dependencies: - - name: common + - name: aaf-cass version: ~6.x-0 - repository: '@local' \ No newline at end of file + repository: 'file://components/aaf-cass' + - name: aaf-cert-service + version: ~6.x-0 + repository: 'file://components/aaf-cert-service' + - name: aaf-cm + version: ~6.x-0 + repository: 'file://components/aaf-cm' + - name: aaf-fs + version: ~6.x-0 + repository: 'file://components/aaf-fs' + - name: aaf-gui + version: ~6.x-0 + repository: 'file://components/aaf-gui' + - name: aaf-hello + version: ~6.x-0 + repository: 'file://components/aaf-hello' + - name: aaf-locate + version: ~6.x-0 + repository: 'file://components/aaf-locate' + - name: aaf-oauth + version: ~6.x-0 + repository: 'file://components/aaf-oauth' + - name: aaf-service + version: ~6.x-0 + repository: 'file://components/aaf-service' + - name: aaf-sms + version: ~6.x-0 + repository: 'file://components/aaf-sms' + - name: aaf-sshsm + version: ~6.x-0 + repository: 'file://components/aaf-sshsm' diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/templates/_deployment.tpl deleted file mode 100644 index bf6931a8e3..0000000000 --- a/kubernetes/aaf/templates/_deployment.tpl +++ /dev/null @@ -1,67 +0,0 @@ -{*/ -# Copyright © 2020 AT&T, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/} - -{{- define "aaf.deployment" -}} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: {{ include "aaf.initContainers" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - workingDir: /opt/app/aaf - command: ["bin/{{ .Values.binary }}"] - image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - - mountPath: /etc/localtime - name: localtime - readOnly: true - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{.Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.readiness.port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-config-vol - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" -{{- end -}} diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/templates/_initContainers.tpl deleted file mode 100644 index 43c511fd6d..0000000000 --- a/kubernetes/aaf/templates/_initContainers.tpl +++ /dev/null @@ -1,122 +0,0 @@ -{*/ -# Copyright © 2020 AT&T, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/} - -{{- define "aaf.permissionFixer" -}} -- name: fix-permission - command: - - /bin/sh - args: - - -c - - | - chown -R 1000:1000 /opt/app/aaf - chown -R 1000:1000 /opt/app/osaaf - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-config-vol - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end -}} - -{{- define "aaf.podConfiguration" }} -- name: {{ include "common.name" . }}-config-container - image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/bash - args: - - -c - - | - cd /opt/app/aaf_config - bin/agent.sh - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: aaf-config-vol - env: - - name: aaf_env - value: "{{ .Values.global.aaf.aaf_env }}" - - name: cadi_latitude - value: "{{ .Values.global.aaf.cadi_latitude }}" - - name: cadi_longitude - value: "{{ .Values.global.aaf.cadi_longitude }}" - - name: cadi_x509_issuers - value: "{{ .Values.global.aaf.cadi_x509_issuers }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" - - name: aaf_release - value: "{{ .Values.global.aaf.aaf_release }}" - - name: aaf_locator_container_ns - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: aaf_locator_public_fqdn - value: "{{.Values.global.aaf.public_fqdn}}" - - name: aaf_locator_name - value: "{{.Values.global.aaf.aaf_locator_name}}" - - name: aaf_locator_name_oom - value: "{{.Values.global.aaf.aaf_locator_name_oom}}" - - name: cm_always_ignore_ips - value: "true" - - name: CASSANDRA_CLUSTER - value: "aaf-cass.{{ .Release.Namespace }}" - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end -}} - -{{- define "aaf.initContainers" -}} -initContainers: -{{ include "aaf.permissionFixer" . }} -{{- if .Values.sequence_order }} -- name: {{ include "common.name" . }}-aaf-readiness - command: - - /root/ready.py - args: - {{- range $container := .Values.sequence_order }} - - --container-name - - aaf-{{ $container}} - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi -{{- end }} -{{ include "aaf.podConfiguration" . }} -{{- end }} -- cgit 1.2.3-korg