From: Sylvain Desbureaux Date: Wed, 16 Sep 2020 08:11:35 +0000 (+0000) Subject: Merge "[CONTRIB] Adjust EJBCA to issue certificates usable by servers." X-Git-Tag: 7.0.0~241 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=12020df05c2aabf7fd86c8393a2aba549584de1b;hp=ed6e62100249bf099ec8b90a8ad147532b40372b;p=oom.git Merge "[CONTRIB] Adjust EJBCA to issue certificates usable by servers." --- diff --git a/kubernetes/aai b/kubernetes/aai index 1990a02ce9..48ae4e9d7a 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 1990a02ce9295df7c94009401c24fa226a10f8e8 +Subproject commit 48ae4e9d7a9ef5f9e73f6a3c90fd808f086089f5 diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml index f9c3377dd8..80c8fca37e 100755 --- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml @@ -51,9 +51,9 @@ spec: - name: AUTH_TYPE value: {{ .Values.config.authType }} - name: API_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }} - name: API_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }} - name: LOG_FILE value: {{ .Values.config.logFile }} - name: ARTIFACT_MANAGER_PORT diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh index 6c69694011..71f32e2eff 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh 
+++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh @@ -18,6 +18,11 @@ for arg; do esac done +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of @@ -36,7 +41,7 @@ file_env() { elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi - val=`echo -n $val | sed -e "s/'/''/g"` + val=`prepare_password $val` export "$var"="$val" unset "$fileVar" } diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index 76a224ab5f..a0d998cd07 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" . }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 0b91076f82..8934d41c33 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.headlessService" . }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 96139ce988..2bcafd9ade 100644 
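Review bot: In file_env the call `val=`prepare_password $val`` passes the value unquoted, so it is word-split and glob-expanded before prepare_password runs, and `echo "$1"` then keeps only the first word; a secret containing whitespace or `*` is silently changed. prepare_password also escapes `'` and `"` but not the backslash itself, so a value that already holds `\` can mean something different inside a quoted SQL literal (the SQL that consumes these variables is outside the hunk, so confirm there). Suggested: `printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g" -e 's/"/\\"/g'` in the function and `val="$(prepare_password "$val")"` at the call. The same function and an unquoted `prepare_password $MYSQL_ROOT_PASSWORD` call appear in the configure-mysql.sh hunk of this commit. file_env's body begins outside the hunk.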
--- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index c453f11c85..6734e0be81 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -144,7 +144,7 @@ {{- define "common.certInitializer._volumeMount" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.mountPath }} +- mountPath: {{ $initRoot.appMountPath }} name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} {{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 271e410069..642fe7799b 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -51,6 +51,7 @@ cadi_latitude: "38.0" cadi_longitude: "-72.0" aaf_add_config: "" mountPath: "/opt/app/osaaf" +appMountPath: "/opt/app/osaaf" importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index afc402f648..b1021ab9d7 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl 
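Review bot: In `common.certInitializer._volumeMount` the mount now reads `$initRoot.appMountPath` with no fallback, so a caller that passes its own `.initRoot` map without that key would render an empty `mountPath:`. The chart's values.yaml gains the key in this commit, but whether every caller-supplied `initRoot` does is not visible here. A backward-compatible form is `- mountPath: {{ default $initRoot.mountPath $initRoot.appMountPath }}`. values.yaml would also benefit from a comment saying how `appMountPath` differs from `mountPath`, since both default to the same path.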
@@ -117,9 +117,9 @@
 - name: aaf_locator_app_ns
 value: "{{ $aafRoot.app_ns }}"
 - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
 - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
 #Note: want to put this on Nodes, eventually
 - name: cadi_longitude
 value: "{{ default "52.3" $aafRoot.cadi_longitude }}"
diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl
index bfa96daf64..bfd0999e16 100644
--- a/kubernetes/common/common/templates/_createPassword.tpl
+++ b/kubernetes/common/common/templates/_createPassword.tpl
@@ -32,6 +32,9 @@
 {{ else if eq "testRelease" (include "common.release" .) }}
 {{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}}
 {{- printf "testRelease" -}}
+ {{ else if eq "test-release" .Release.Name }}
+ {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- printf "testRelease" -}}
 {{ else }}
 {{ fail "masterPassword not provided" }}
 {{ end }}
diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml
index 0cd8cfbd36..4392308e38 100644
--- a/kubernetes/common/dgbuilder/templates/ingress.yaml
+++ b/kubernetes/common/dgbuilder/templates/ingress.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
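Review bot: The new `test-release` branch in _createPassword.tpl substitutes the fixed string `testRelease` for the master password whenever `.Release.Name` matches, so a real deployment that happens to use that release name runs on a publicly known value, guarded only by a template comment. Keying the lint fallback on an explicit opt-in value rather than the release name would remove that risk, for example `{{ else if .Values.global.lintOnlyMasterPassword }}` (key name constructed for this note, default false). If the release-name check stays, the condition deserves a line in the chart's user-facing documentation, not only in the template. The enclosing define starts and ends outside the hunk.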
@@ -11,5 +12,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+*/}}
 {{ include "common.ingress" . }}
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
index 9e826ae311..583c2d7429 100644
--- a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.enabled }}
 {{- range $kind, $enabled := .Values.hooks }}
 {{- if $enabled }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
index dc2a430922..2af57aae77 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.enabled }}
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
index ea769d1291..b9e2c05d1a 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.enabled }}
 {{ $role := "curator" -}}
 {{ $suffix := $role -}}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
index 6fe032d818..628cdd1d73 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.psp.create }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
index 0d189f448b..f124a44c85 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.rbac.enabled }}
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
index b112468dc3..f10b14231f 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if and .Values.enabled .Values.rbac.enabled }}
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
index 0bd4ae0999..a1732cfedc 100644
--- a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} apiVersion: v1 kind: ServiceAccount diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml index 2ac3880886..4a8ef08946 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount 
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index aeb14a1b61..98d533d4e2 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet {{ $role := "data" -}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml index c713ec81ac..133984c800 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml index 05a3af37f2..323b9fc318 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml 
@@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.serviceAccount.create }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index 626747f075..6744f75f26 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml index 8d66ef082e..ca94e242a4 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -11,9 +12,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "master" -}} {{ $labels := (dict "role" $role) -}} {{ $matchLabels := (dict "role" $role) }} -{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} \ No newline at end of file +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index fdbe82f855..6e745bd560 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml index 38234da0cf..7138e4e094 100644 --- a/kubernetes/common/elasticsearch/templates/configmap-es.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.config }} apiVersion: v1 kind: ConfigMap 
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 8ec38626e6..cf9ef73e52 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment {{ $role := "coordinating-only" -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml index 610c7d68c1..d7fd447846 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ $role := "coordinating-only" -}} {{ $labels := (dict "role" $role) -}} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml index fa79c29eca..9750be7b80 100644 --- a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml 
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
 {{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml
index 359e8975e1..b8cd0686c4 100644
--- a/kubernetes/common/elasticsearch/templates/secrets.yaml
+++ b/kubernetes/common/elasticsearch/templates/secrets.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 # Copyright © 2019 Samsung Electronics
 #
@@ -12,4 +13,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{ include "common.secretFast" . }}
diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
index 49ad504da6..a9b54882f1 100644
--- a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
+++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 {{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml index ed1344d4c1..ac5b7b975d 100644 --- a/kubernetes/common/etcd/templates/pv.yaml +++ b/kubernetes/common/etcd/templates/pv.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 4268dd6d2c..04fc93af00 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index fcab51cb59..c45648f757 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Intel Corporation Inc # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: StatefulSet metadata: 
diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 42c5c89726..678761736a 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -32,8 +32,9 @@ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql fi -function prepare_password { - echo -n $1 | sed -e "s/'/''/g" +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" } mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index af9a4f5f02..5563fe714d 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -20,3 +21,15 @@ {{- define "mariadbInit.mariadbClusterSecret" -}} {{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}} {{- end -}} + +{{- define "mariadbInit._updateSecrets" -}} + {{- if not .Values.secretsUpdated }} + {{- $global := . }} + {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} + {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }} + {{- $newList := append $global.Values.secrets $item }} + {{- $_ := set $global.Values "secrets" $newList }} + {{- end -}} + {{ $_ := set $global.Values "secretsUpdated" true }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 0144ec1907..d021d60b8d 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -12,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 3149f94611..cccb118787 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # 
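Review bot: `mariadbInit._updateSecrets` has no comment, yet it works purely by side effect: it appends to `.Values.secrets` in place and records that in `.Values.secretsUpdated`. A maintainer adding a template that reads the per-database secrets needs to know the helper must be included first, as job.yaml and secret.yaml do in this commit. Suggested header: `{{/* Appends one basicAuth entry per config.mysqlAdditionalDatabases item to .Values.secrets, in place. Guarded by .Values.secretsUpdated so repeated includes are no-ops; include before common.secretFast / envFromSecretFast. */}}`. It is also worth stating there that a database entry with neither `externalSecret` nor `password` gets an empty password under `passwordPolicy: required`; how `common.secretFast` treats that case is not visible in this diff.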
@@ -12,6 +13,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +{{ include "mariadbInit._updateSecrets" . -}} apiVersion: batch/v1 kind: Job @@ -38,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} + - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }} env: - name: NAMESPACE valueFrom: 
@@ -56,21 +60,21 @@ spec: - /db_init/db_init.sh env: - name: DB_HOST - value: "{{ .Values.global.mariadbGalera.nameOverride }}" + value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}" - name: DB_PORT - value: "{{ .Values.global.mariadbGalera.servicePort }}" + value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}" - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }} - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }} - {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }} {{- $root := . 
}} {{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }} - name: {{ printf "MYSQL_USER_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }} - name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }} - {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }} {{ end }} volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index 71a89d019b..a9d9e0b704 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,4 +1,6 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
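Review bot: `MYSQL_ROOT_PASSWORD` still takes its secret key only from `.Values.global.mariadbGalera.userRootSecretKey`, while `DB_HOST` and `DB_PORT` in the same hunk now prefer the chart-local `.Values.mariadbGalera.*` values and the values.yaml hunk of this commit documents a local `userRootSecretKey`. As written that local key is never read, so an init job pointed at a non-global database whose root secret uses a different key would look up the wrong entry. Consider `"key" (default "password" (default .Values.global.mariadbGalera.userRootSecretKey .Values.mariadbGalera.userRootSecretKey))`. The container spec continues outside the hunk.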
@@ -11,27 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{- define "mariadb-init._update-secrets" -}} - {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }} -{{ printf "- uid: %s" $db }} -{{ printf " type: basicAuth" }} - {{- if $dbInfos.externalSecret }} -{{ printf " externalSecret: %s" $dbInfos.externalSecret }} - {{- end }} -{{ printf " login: %s" $dbInfos.user }} -{{ printf " password: %s" $dbInfos.password }} -{{ printf " passwordPolicy: required" }} - {{- end -}} -{{- end -}} +{{ include "mariadbInit._updateSecrets" . -}} -{{ $global := . }} -{{ $secretsString := .Values.secrets | toYaml | indent 2 }} -{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }} -{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }} -{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }} - -{{ $newValues := set $global.Values "secrets" $finalSecrets }} -{{ $tmpGlobal := set $global "Values" $newValues }} - -{{ include "common.secret" $tmpGlobal }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index 0f6d4f8a1e..dd5d208190 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml 
@@ -32,8 +32,8 @@ global: secrets: - uid: root-password type: password - externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}' - password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' + externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' + password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}' - uid: '{{ .Values.config.mysqlDatabase }}' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' @@ -51,6 +51,15 @@ pullPolicy: IfNotPresent # Set it if you want to change the name of the different components # nameOverride: +mariadbGalera: {} +# serviceName: some-name +# containerName: some-name +# servicePort: 3306 +# userRootPassword: some-password +# userRootSecret: some-secret-name +# userRootSecretKey: password + + config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 111bc80586..abc71b3133 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml 
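Review bot: Once `mariadbGalera.serviceName` is non-empty, both `ternary` expressions for the `root-password` secret use only the chart-local values and fall back to an empty string; the global `userRootSecret` and the cluster-secret default are no longer consulted. A parent chart that sets `serviceName` but neither `userRootSecret` nor `userRootPassword` therefore hands the secret template an empty `externalSecret` and an empty `password`. Whether that fails the render or silently yields a credential that does not match the database depends on `common.secretFast`, which is not visible here. At minimum state the rule next to these keys, e.g. `# when mariadbGalera.serviceName is set, userRootSecret (preferred) or userRootPassword must be set too`.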
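Review bot: The commented sample under `mariadbGalera:` lists `userRootPassword: some-password` before `userRootSecret`, which steers chart users toward putting the database root password into a values file. Put the secret reference first and mark the literal as a fallback, e.g. `# userRootSecret: some-secret-name  # preferred: name of an existing Secret` and `# userRootPassword: some-password  # fallback only; keep real values out of version control`. The `config.userPassword` and `config.userName` literals visible as context directly below are fixed defaults shipped with the chart; they predate this commit, but a follow-up that removes them (if the secret template can require or generate a value) would fit this change.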
@@ -36,10 +36,15 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: +{{ include "common.podSecurityContext" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - docker-entrypoint.sh + args: + - --nounixsocket env: - name: MONGO_INITDB_DATABASE value: "{{ .Values.config.dbName }}" @@ -68,6 +73,7 @@ spec: mountPath: /var/lib/mongo resources: {{ include "common.resources" . | indent 12 }} +{{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml index d272f706ea..d8988c3ae7 100644 --- a/kubernetes/common/mongo/values.yaml +++ b/kubernetes/common/mongo/values.yaml @@ -83,6 +83,10 @@ service: rpcbindPort: 111 rpcbindUdpPort: 111 +securityContext: + user_id: 999 + group_id: 999 + ingress: enabled: false diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index fbdac61a9e..5ae944a568 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -26,17 +26,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Chart.Name }} - topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} selector: 
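Review bot: Nothing in the statefulset hunk records why mongod is now started through `docker-entrypoint.sh` with `--nounixsocket`, and nothing in the values.yaml hunk says why the IDs are 999. Presumably the socket file cannot be created under the new pod/container security context and 999 is the image's mongodb account; both are worth confirming and writing down, because a later image change that alters either one breaks startup in a non-obvious way. Suggested comments: `# --nounixsocket: <reason, e.g. socket path not writable under the container securityContext>` above `args:` and `# must match the UID/GID of the mongodb user in the image` above `securityContext:` in values.yaml.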
@@ -133,5 +122,3 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 4023f343df..d42cf2e7e0 100644 --- a/kubernetes/common/music/charts/music/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml index 81c3c2049d..63b5ab0974 100644 --- a/kubernetes/common/music/charts/music/templates/deployment.yaml +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment @@ -77,7 +79,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 12 }} +{{ include "common.resources" . | indent 12 }} env: - name: SPRING_OPTS value: "{{ .Values.springOpts }}" 
diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml index 5d5f5bb397..15791a85d7 100644 --- a/kubernetes/common/music/charts/music/templates/secrets.yaml +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml index ca774c9b5b..3bd32a9419 100644 --- a/kubernetes/common/music/charts/music/templates/service.yaml +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,5 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.service" . }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 456aa32bc0..9ce9b88644 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -30,7 +30,6 @@ metadata: heritage: {{ $dot.Release.Service }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - serviceName: {{ $dot.Values.service.name }} replicas: 1 selector: matchLabels: diff --git a/kubernetes/common/postgres/templates/configmap.yaml b/kubernetes/common/postgres/templates/configmap.yaml index 26ba390040..e8bfd1194a 100644 
--- a/kubernetes/common/postgres/templates/configmap.yaml +++ b/kubernetes/common/postgres/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2019 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml index 64268abb33..28d974c815 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml @@ -36,13 +36,13 @@ spec: {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ ( index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index 8756d57516..8b8c16c287 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -217,6 +217,7 @@ + \ No newline at end of file 
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index dba613c33c..73446ee3ec 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -402,6 +402,7 @@ + \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index f02a2db764..ad2ce2b92a 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -20,11 +20,6 @@ - - ERROR - ACCEPT - DENY - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n diff --git a/kubernetes/esr/charts/esr-server/resources/config/logback.xml b/kubernetes/esr/charts/esr-server/resources/config/logback.xml index c647f3d1e1..fcc9f250d9 100644 --- a/kubernetes/esr/charts/esr-server/resources/config/logback.xml +++ b/kubernetes/esr/charts/esr-server/resources/config/logback.xml @@ -15,35 +15,38 @@ # limitations under the License. --> - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + - - - + + + - + + + @@ -57,7 +60,7 @@ - 256 + ${queueSize} @@ -73,7 +76,7 @@ - 256 + ${queueSize} @@ -93,16 +96,16 @@ - 256 + ${queueSize} - ${debugLogDirectory}/${debugLogName}.log + ${logDirectory}/${debugLogName}.log - ${debugLogDirectory}/${debugLogName}.log.%d + ${logDirectory}/${debugLogName}.log.%d ${debugPattern} @@ -110,11 +113,17 @@ - 256 + ${queueSize} true + + + ${consolePattern} + + + @@ -127,9 +136,9 @@ - + + - - + \ No newline at end of file diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index 6008f1f747..0177690e80 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml 
+++ b/kubernetes/esr/charts/esr-server/values.yaml @@ -64,6 +64,17 @@ service: ingress: enabled: false +log: + componentName: esr + subcomponentName: esr-server + debug: true + scan: + enabled: false + logDir: /var/log/onap + queueSize: 256 + root: + level: INFO + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml index af0b2b975c..3781d96328 100644 --- a/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-discovery/resources/config/logback.xml @@ -41,6 +41,12 @@ + + + ${errorPattern} + + + ${logDirectory}/${auditLogName}.log @@ -125,6 +131,7 @@ + diff --git a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml index 49d5e64896..6dc4443d6e 100644 --- a/kubernetes/msb/charts/msb-eag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-eag/resources/config/logback.xml @@ -41,6 +41,12 @@ + + + ${errorPattern} + + + ${logDirectory}/${auditLogName}.log @@ -125,6 +131,7 @@ + diff --git a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml index bceefc500c..65ff43485a 100644 --- a/kubernetes/msb/charts/msb-iag/resources/config/logback.xml +++ b/kubernetes/msb/charts/msb-iag/resources/config/logback.xml @@ -41,6 +41,12 @@ + + + ${errorPattern} + + + ${logDirectory}/${auditLogName}.log @@ -125,6 +131,7 @@ + diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml index 2cdbba77c0..b9fa617d94 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml 
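Review bot: The new `log` block in esr-server values.yaml defaults to `debug: true`, so every deployment that does not override it gets whatever debug output the logback template gates on this flag. Debug-level application logs often carry request detail that should not be written by default to a shared log directory (`logDir: /var/log/onap`); the template that consumes the flag is not readable on this page, so the exact effect is an assumption. Suggested default: `debug: false`, with operators opting in per environment.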
@@ -73,6 +73,23 @@ mongo: mountSubPath: multicloud-k8s/mongo/data enabled: true disableNfsProvisioner: true + flavor: &storage_flavor large + resources: &storage_resources + small: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 10m + memory: 75Mi + large: + limits: + cpu: 200m + memory: 1Gi + requests: + cpu: 50m + memory: 300Mi + unlimited: {} #etcd chart overrides for k8splugin etcd: @@ -82,6 +99,8 @@ etcd: persistence: mountSubPath: multicloud-k8s/etcd/data enabled: true + flavor: *storage_flavor + resources: *storage_resources # No persistence right now as we rely on Mongo to handle that persistence: diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile index e27258aafc..a116386dce 100644 --- a/kubernetes/oof/Makefile +++ b/kubernetes/oof/Makefile @@ -15,3 +15,7 @@ make-has: cd charts && helm dep up oof-has cd charts && helm dep up oof-cmso + +clean: + @find . -type f -name '*.tgz' -delete + @find . -type f -name '*.lock' -delete diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index 15ce71b716..2f12eec5c0 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -48,6 +49,20 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" @@ -64,11 +79,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config 
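Review bot: The new `-db-config-readiness` init container waits for a job whose name is spelled out as `...-cmso-db-config-config-job`, which apparently only matches while the parent chart keeps `mariadb-init.nameOverride: cmso-db-config`. If that override changes, the pod stays in Init indefinitely with no hint why; the same block is added to the oof-cmso-service deployment. A one-line comment above `args:` would do: `# job name follows mariadb-init's nameOverride in oof-cmso/values.yaml; keep the two in sync`.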
@@ -85,11 +100,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml index 5de87f5be1..e511728261 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,11 +40,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -88,7 +84,6 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret # user: cmso-admin 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index ff37e8f218..cb7a76f546 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2018 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -48,6 +49,20 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-db-config-readiness + command: + - /app/ready.py + args: + - -j + - "{{ include "common.release" . }}-cmso-db-config-config-job" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" 
@@ -64,11 +79,11 @@ spec: - name: DB_PORT value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db.root }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index f8326272c6..d086411704 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018-2019 AT&T +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,11 +40,6 @@ debugEnabled: false # Secrets metaconfig ################################################################# secrets: - - uid: cmso-db-root-password - type: password - password: '{{ .Values.config.db.rootPassword }}' - externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - policy: required - uid: cmso-db-user-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' @@ -88,7 +84,6 @@ service: config: db: port: 3306 - root: root # rootPassword: pass # rootPasswordExternalSecret: some secret # user: cmso-admin 
diff --git a/kubernetes/oof/charts/oof-cmso/requirements.yaml b/kubernetes/oof/charts/oof-cmso/requirements.yaml
index d95b2e76ae..e631333861 100644
--- a/kubernetes/oof/charts/oof-cmso/requirements.yaml
+++ b/kubernetes/oof/charts/oof-cmso/requirements.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,3 +23,6 @@ dependencies:
 - name: mariadb-galera
 version: ~6.x-0
 repository: '@local'
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
index b1c3561538..d712965d59 100644
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,24 +18,31 @@ ################################################################# secrets: - uid: cmso-db-root-password - name: '{{ include "common.release" . }}-cmso-db-root-password' + name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password' type: password password: '' policy: generate + - uid: cmso-service-db-secret + name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.service.userName }}' + password: '{{ .Values.config.db.service.userPassword }}' + passwordPolicy: generate - uid: cmso-db-secret - name: '{{ include "common.release" . }}-cmso-db-secret' + name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.optimizer.userName }}' + password: '{{ .Values.config.db.optimizer.userPassword }}' passwordPolicy: generate mariadb-galera: replicaCount: 1 - nameOverride: cmso-db + nameOverride: &containerName cmso-db service: type: ClusterIP - name: oof-cmso-dbhost + name: &serviceName oof-cmso-dbhost portName: cmso-dbhost nfsprovisionerPrefix: cmso sdnctlPrefix: cmso 
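Review bot: The third `secrets` entry keeps `uid: cmso-db-secret` while its `name` becomes `...-cmso-optimizer-db-secret` and its fields move to `config.db.optimizer.*`; next to the new `cmso-service-db-secret` entry the generic uid no longer says which account it holds. Renaming it to `uid: cmso-optimizer-db-secret` keeps uid, name and values path aligned and makes it harder to wire the wrong credential to a consumer. Check for lookups by the old uid first; none are visible in this hunk.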
@@ -43,9 +51,9 @@ mariadb-galera: enabled: true disableNfsProvisioner: true config: - mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - mysqlDatabase: cmso + mariadbRootPasswordExternalSecret: *rootPassword + # userCredentialsExternalSecret: *dbCreds + # mysqlDatabase: cmso externalConfig: | [mysqld] lower_case_table_names = 1 @@ -62,6 +70,20 @@ global: busyBoxImage: busybox:1.30 busyBoxRepository: docker.io +mariadb-init: + mariadbGalera: + containerName: *containerName + serviceName: *serviceName + servicePort: 3306 + userRootSecret: *rootPassword + config: + userCredentialsExternalSecret: *serviceDbCreds + mysqlDatabase: cmso + mysqlAdditionalDatabases: + optimizer: + externalSecret: *optimizerDbCreds + nameOverride: cmso-db-config + flavor: small config: @@ -69,15 +91,17 @@ config: logstashServiceName: log-ls logstashPort: 5044 db: - # userCredentialsExternalsecret: some secret - userName: cmso-admin - # userPassword: password + service: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + optimizer: + userName: cmso-optimizer oof-cmso-service: config: db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: *serviceDbCreds host: oof-cmso-dbhost container: cmso-db mysqlDatabase: cmso @@ -85,8 +109,7 @@ oof-cmso-service: oof-cmso-optimizer: config: db: - userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' - rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: *optimizerDbCreds host: oof-cmso-dbhost container: cmso-db mysqlDatabase: optimizer 
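Review bot: The commented line `# userCredentialsExternalSecret: *dbCreds` under `mariadb-galera.config` refers to an anchor that none of the hunks shown defines; the anchors added by this commit are `rootPassword`, `serviceDbCreds`, `optimizerDbCreds`, `containerName` and `serviceName`. Anyone who uncomments it gets a YAML error for an undefined alias, assuming `dbCreds` is not defined elsewhere in the file. Either delete the two commented lines, since user and database creation now go through `mariadb-init`, or make the sample valid: `# userCredentialsExternalSecret: *serviceDbCreds`.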
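Review bot: The sample key under `config.db.service` is spelled `userCredentialsExternalsecret` (lower-case `s`), but the secret definition in this file reads `.Values.config.db.service.userCredentialsExternalSecret`. A user who uncomments the sample as written sets a key nothing reads, so the chart would fall back to `passwordPolicy: generate` instead of using the intended external secret. Fix the sample to `# userCredentialsExternalSecret: some secret`; the `optimizer:` block could carry the same commented sample for symmetry.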
diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml index c006eebf05..393a6bbf2e 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml @@ -76,7 +76,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthcheck.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml index 22cb5a17eb..a82435bccc 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml @@ -81,7 +81,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: onboard.json resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} nodeSelector: {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 79fed0c79c..e149aa596a 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -52,7 +52,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.4.0 +image: onap/policy-apex-pdp:2.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index f4360063be..5774344fd3 100755 
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -64,7 +64,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index e6f68cba99..a94031ac95 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -84,7 +84,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.3.0 +image: onap/policy-api:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index add085f94d..414d617f77 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -76,7 +76,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] 
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index e437de06aa..9d20941773 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -70,7 +70,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.4.0 +image: onap/policy-distribution:2.4.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 184ae9aee7..a0f5ceb777 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -57,6 +57,7 @@ PDPD_CONFIGURATION_PARTITION_KEY= POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP POLICY_PDP_PAP_GROUP=defaultGroup +POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools # Symmetric Key for encoded sensitive data diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index bb2b90c1a7..17efdbc44e 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -16,7 +16,10 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +{{- if not .Values.global.aafEnabled }} KEYSTORE_PASSWD={{.Values.keystore.password}} +{{- end }} + TRUSTSTORE_PASSWD={{.Values.truststore.password}} TELEMETRY_USER={{.Values.telemetry.user}} 
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml index 7fb84b5ddc..29f2ef2215 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml @@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} --- apiVersion: v1 kind: Secret diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index eb1ef4203a..1498d273b2 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -74,6 +74,7 @@ spec: command: ["bash","-c"] args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] ports: - containerPort: {{ .Values.service.externalPort }} @@ -94,9 +95,9 @@ spec: - name: REPLICAS value: "{{ .Values.replicaCount }}" - name: SQL_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime 
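Review bot: The added `cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;` in the statefulset args runs unconditionally, although the `source` of `.ci` just before it sits behind `if [ -f ... ]`. The commands are joined with `;`, so a missing or unreadable keystore only prints an error and `pdpd-cl-entrypoint.sh boot` still starts, presumably with whatever keystore the image already has at that path. Move the copy inside the existing guard and make a failed copy fatal: `source {{ .Values.certInitializer.credsPath }}/.ci; cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore || exit 1; fi;`. The container spec starts and ends outside the hunk, so the AAF-disabled path could not be checked from here.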
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 8a8e3c23a4..5e8c8be179 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -39,7 +39,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.7.0 +image: onap/policy-pdpd-cl:1.7.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 57812d4add..f07ed4a7ba 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -78,7 +78,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 34e322ce76..008fefd1a9 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -98,7 +98,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.3.0 +image: onap/policy-pap:2.3.1 pullPolicy: Always # flag to enable debugging - application support required 
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index fe8c74d4cc..a4d060ccfe 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -86,7 +86,6 @@ spec: {{- if .Values.global.aafEnabled }} command: ["bash","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] {{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index e7984fb9cc..81196e1236 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -89,7 +89,7 @@ certInitializer: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.3.0 +image: onap/policy-xacml-pdp:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index aea18a604e..463877b96a 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -65,6 +65,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" + resources: +{{ include "common.resources" . }} restartPolicy: Never volumes: - name: {{ include "common.fullname" . }}-config 
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index b337383485..714f9d928c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -69,7 +69,7 @@ policy-distribution: enabled: true db: *dbSecretsHook policy-nexus: - enabled: true + enabled: false ################################################################# # DB configuration defaults. @@ -122,3 +122,23 @@ mariadb-galera: [mysqld] lower_case_table_names = 1 +# Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile new file mode 100644 index 0000000000..f2670c552d --- /dev/null +++ b/kubernetes/sdc/Makefile 
@@ -0,0 +1,50 @@
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml
deleted file mode 100644
index bc110c3b0f..0000000000
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml
+++ /dev/null
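Review bot: The recipes in the new Makefile invoke `make` directly (`@make package-$@`, `make -C $*`), which loses the parent invocation's flags and jobserver; the portable form is `@$(MAKE) package-$@` and `$(MAKE) -C $*`. The catch-all `%:` rule with the no-op `@:` recipe also makes a mistyped target succeed silently, so it deserves a one-line comment saying why it is there. `kubernetes/sdc/components/Makefile` is added with the same recipes.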
@@ -1,41 +0,0 @@
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.cert.persistence.size}}
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml
deleted file mode 100644
index 006d736b63..0000000000
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.cert.persistence.annotations }}
- annotations:
-{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.cert.persistence.size }}
-{{- end -}}
diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile
new file mode 100644
index 0000000000..8d3bf2be4f
--- /dev/null
+++ b/kubernetes/sdc/components/Makefile
@@ -0,0 +1,50 @@
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/sdc/charts/sdc-be/.helmignore b/kubernetes/sdc/components/sdc-be/.helmignore
similarity index 100%
rename from kubernetes/sdc/charts/sdc-be/.helmignore
rename to kubernetes/sdc/components/sdc-be/.helmignore
diff --git a/kubernetes/sdc/charts/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml
similarity index 100%
rename from kubernetes/sdc/charts/sdc-be/Chart.yaml
rename to kubernetes/sdc/components/sdc-be/Chart.yaml
diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml
new file mode 100644
index 0000000000..b1d52ae32a
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-be/requirements.yaml
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
similarity index 100%
rename from kubernetes/sdc/charts/sdc-be/resources/config/logging/logback.xml
rename to kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml
diff --git a/kubernetes/sdc/charts/sdc-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt
similarity index 100%
rename from kubernetes/sdc/charts/sdc-be/templates/NOTES.txt
rename to kubernetes/sdc/components/sdc-be/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-be/templates/configmap.yaml rename to kubernetes/sdc/components/sdc-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml similarity index 82% rename from kubernetes/sdc/charts/sdc-be/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 78f2912021..e2329d7ca5 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py 
@@ -51,34 +51,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: @@ -100,7 +112,7 @@ spec: resources: {{ include "common.resources" . | nindent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: cassandra_ssl_enabled @@ -112,10 +124,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -142,13 +154,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-be/templates/ingress.yaml rename to kubernetes/sdc/components/sdc-be/templates/ingress.yaml 
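Review bot: In the new `update-config` script, `export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)` exports every line that starts with `c` through an unquoted command substitution, so a generated password containing whitespace or a glob character is split or expanded before `KEYSTORE_PASS` and `TRUSTSTORE_PASS` are assigned. Read only the keys the script uses, without word splitting, and stop when one is empty so `envsubst` cannot render configuration with a blank password. The rendered files and the copied key stores are then left at mode 0755 in `/config-output`; a tighter mode would be better if the Jetty user allows it, which is not visible here. The same script is added to `sdc-dcae-be/templates/deployment.yaml`, and the init container continues past the end of this hunk.

```yaml
          - |
            # read only the keys this script needs; no word splitting or globbing
            creds={{ .Values.certInitializer.credsPath }}/mycreds.prop
            get_cred() { sed -n "s/^$1=//p" "$creds" | head -n 1; }
            KEYSTORE_PASS=$(get_cred cadi_keystore_password_p12)
            TRUSTSTORE_PASS=$(get_cred cadi_truststore_password)
            if [ -z "$KEYSTORE_PASS" ] || [ -z "$TRUSTSTORE_PASS" ]; then
              echo "keystore or truststore password missing in $creds" >&2
              exit 1
            fi
            KEYMANAGER_PASS=$KEYSTORE_PASS
            export KEYSTORE_PASS KEYMANAGER_PASS TRUSTSTORE_PASS
            # … unchanged: cp of keystoreFile/truststoreFile and the envsubst loop …
```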
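Review bot: The two `subPath` mounts now take `org.onap.sdc.p12` and `org.onap.sdc.trust.jks` from `sdc-environments-output`, a volume filled only by the `update-config` init container, which this commit wraps in `{{- if .Values.global.aafEnabled }}`. With `aafEnabled: false` nothing appears to populate that volume, so neither the environment files nor the key stores would exist when the main container starts; as far as I know Kubernetes creates a missing `subPath` as an empty directory, so the failure would show up inside Jetty rather than at pod creation. Either keep the envsubst step unconditional and gate only the credential export and the two `cp` lines, or gate these mounts on the same flag. The volume definition is outside the hunk, so this assumes it is an `emptyDir`. `sdc-dcae-be/templates/deployment.yaml` pairs the mounts with the conditional in the same way.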
diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml similarity index 98% rename from kubernetes/sdc/charts/sdc-be/templates/job.yaml rename to kubernetes/sdc/components/sdc-be/templates/job.yaml index 8a5f2fae18..d9c3e510eb 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: mountPath: /var/lib/jetty/logs env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-be/templates/service.yaml b/kubernetes/sdc/components/sdc-be/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-be/templates/service.yaml rename to kubernetes/sdc/components/sdc-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml similarity index 68% rename from kubernetes/sdc/charts/sdc-be/values.yaml rename to kubernetes/sdc/components/sdc-be/values.yaml index a2f1f0c93c..03894869e4 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -21,6 +21,18 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. 
@@ -34,6 +46,33 @@ pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +#environment file +env: + name: AUTO + +certInitializer: + nameOverride: sdc-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +################################################################# +# SDC Config part +################################################################# config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" diff --git a/kubernetes/sdc/charts/sdc-cs/.helmignore b/kubernetes/sdc/components/sdc-cs/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-cs/.helmignore rename to kubernetes/sdc/components/sdc-cs/.helmignore diff --git a/kubernetes/sdc/charts/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-cs/Chart.yaml rename to kubernetes/sdc/components/sdc-cs/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-cs/requirements.yaml b/kubernetes/sdc/components/sdc-cs/requirements.yaml new file mode 100644 index 0000000000..5969143629 --- /dev/null +++ b/kubernetes/sdc/components/sdc-cs/requirements.yaml 
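Review bot: The new `certInitializer` block commits a deployer credential as a chart default, `aafDeployPass: demo123456!`, so any install that does not override it authenticates to AAF with a password that is public in the repository. Take the value from a Kubernetes Secret or require an override, and until then mark it in place with a comment such as `# demo credential - must be overridden outside lab deployments`. `aaf_add_config` also runs `agent.sh local showpass` and redirects the output to `{{ .Values.credsPath }}/mycreds.prop`, which leaves the keystore and truststore passwords in clear text on the shared volume. Restricting that file's mode once it is written, and removing it after the consumer has read it, would limit who in the pod can see them.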
@@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt b/kubernetes/sdc/components/sdc-cs/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-cs/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-cs/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml similarity index 98% rename from kubernetes/sdc/charts/sdc-cs/templates/job.yaml rename to kubernetes/sdc/components/sdc-cs/templates/job.yaml index ff32a87588..0c98d67be4 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -62,7 +62,7 @@ spec: mountPath: /home/sdc/chef-solo/cache env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: RELEASE value: {{ .Values.config.release }} - name: SDC_USER 
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml similarity index 85% rename from kubernetes/sdc/charts/sdc-cs/values.yaml rename to kubernetes/sdc/components/sdc-cs/values.yaml index 5cf3065a09..0738ca755d 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -21,6 +21,17 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod ################################################################# # Application configuration defaults. @@ -37,6 +48,10 @@ config: maxHeapSize: "1536M" heapNewSize: "512M" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-be/.helmignore b/kubernetes/sdc/components/sdc-dcae-be/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-be/.helmignore rename to kubernetes/sdc/components/sdc-dcae-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-be/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-be/Chart.yaml rename to kubernetes/sdc/components/sdc-dcae-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-be/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-be/requirements.yaml 
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-dcae-be/resources/config/logging/logback.xml
similarity index 100%
rename from kubernetes/sdc/charts/sdc-dcae-be/resources/config/logging/logback.xml
rename to kubernetes/sdc/components/sdc-dcae-be/resources/config/logging/logback.xml
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-be/templates/NOTES.txt
similarity index 100%
rename from kubernetes/sdc/charts/sdc-dcae-be/templates/NOTES.txt
rename to kubernetes/sdc/components/sdc-dcae-be/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/configmap.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml rename to kubernetes/sdc/components/sdc-dcae-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/deployment.yaml similarity index 82% rename from kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-dcae-be/templates/deployment.yaml index a8e9403ef4..4ddb229876 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py 
@@ -62,34 +62,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -109,7 +121,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP @@ -119,10 +131,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -160,13 +172,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/job.yaml similarity index 98% rename from kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml rename to kubernetes/sdc/components/sdc-dcae-be/templates/job.yaml index 5be29eee97..d85c6bf491 100644 
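Review bot: The `{{- if .Values.global.aafEnabled }}` … `{{- end }}` pair wraps the whole `update-config` init container, so with the flag off the `envsubst` loop that fills `/config-output` never runs. The main container still mounts `sdc-environments-output` at `chef-solo/environments/`, and the later hunk of this file points the `org.onap.sdc.p12` and `org.onap.sdc.trust.jks` subPath mounts at that same volume while removing the `sdc-cert` secret volume. A non-AAF install would therefore start with an empty environments directory and no keystore files. Either treat AAF as mandatory and drop the flag here, or move the guard inside the script so it covers only the `export` and `cp` lines and keep the previous `sdc-cert` mounts and password env for the disabled case. The same guard placement appears in the sdc-dcae-dt, sdc-dcae-fe and sdc-fe deployment.yaml hunks.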
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/templates/job.yaml @@ -55,7 +55,7 @@ spec: mountPath: /var/lib/jetty/chef-solo/environments env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-be/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-be/templates/service.yaml rename to kubernetes/sdc/components/sdc-dcae-be/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/components/sdc-dcae-be/values.yaml similarity index 76% rename from kubernetes/sdc/charts/sdc-dcae-be/values.yaml rename to kubernetes/sdc/components/sdc-dcae-be/values.yaml index ece8ed5426..351c88c70d 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-be/values.yaml 
@@ -20,6 +20,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-dcae-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -33,6 +57,10 @@ backendInitImage: onap/dcae-tools:1.3.4 # flag to enable debugging - application support required debugEnabled: false +#environment file +env: + name: AUTO + config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml cassandraSslEnabled: "false" diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-dt/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-dt/Chart.yaml rename to kubernetes/sdc/components/sdc-dcae-dt/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-dt/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-dt/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-dt/requirements.yaml 
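Review bot: `aafDeployPass: demo123456!` commits the AAF deployer password as a chart default in clear text, and the same literal is repeated in the sdc-dcae-dt and sdc-dcae-fe values.yaml hunks. An install with default values runs with a publicly known credential, and the value is readable by anyone who can read the chart or the release values. Prefer sourcing it from a Kubernetes Secret or a required override; if it must stay as a lab default, mark it with a comment such as `# demo credential - must be overridden outside lab deployments`. The `aaf_add_config` line also redirects the output of `agent.sh local showpass` into `mycreds.prop`, so the keystore and truststore passwords sit in a plain file under `credsPath`; a comment stating which containers mount that path would help reviewers.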
@@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-dcae-dt/resources/config/logging/logback.xml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-dt/resources/config/logging/logback.xml rename to kubernetes/sdc/components/sdc-dcae-dt/resources/config/logging/logback.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-dt/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-dt/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-dcae-dt/templates/NOTES.txt 
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/configmap.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml rename to kubernetes/sdc/components/sdc-dcae-dt/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/deployment.yaml similarity index 84% rename from kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-dcae-dt/templates/deployment.yaml index e3f1b5da1e..58410ecf66 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py 
@@ -62,30 +62,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" 
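Review bot: The first script line, `export $(grep '^c' …/mycreds.prop | xargs -0)`, passes the file content through an unquoted command substitution, so the shell splits it on whitespace and glob-expands it. A generated password containing a space, `*` or `?` would be truncated or altered before it reaches `KEYSTORE_PASS` and `TRUSTSTORE_PASS`. `grep '^c'` also exports every property whose key starts with "c", not only the two that are used. Reading the two keys explicitly and quoting the path avoids both problems; this assumes the file is `key=value` per line, which the current `export` already relies on. The same line is added in the sdc-dcae-be, sdc-dcae-fe and sdc-fe deployment.yaml hunks.

```yaml
          - |
            creds="{{ .Values.certInitializer.credsPath }}/mycreds.prop"
            KEYSTORE_PASS=$(sed -n 's/^cadi_keystore_password_p12=//p' "$creds")
            TRUSTSTORE_PASS=$(sed -n 's/^cadi_truststore_password=//p' "$creds")
            KEYMANAGER_PASS=$KEYSTORE_PASS
            export KEYSTORE_PASS KEYMANAGER_PASS TRUSTSTORE_PASS
            # … unchanged: cp of keystore/truststore and the envsubst loop …
```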
@@ -108,7 +111,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP @@ -118,10 +121,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -155,13 +158,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/ingress.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-dt/templates/ingress.yaml rename to kubernetes/sdc/components/sdc-dcae-dt/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-dt/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml rename to kubernetes/sdc/components/sdc-dcae-dt/templates/service.yaml 
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/components/sdc-dcae-dt/values.yaml similarity index 73% rename from kubernetes/sdc/charts/sdc-dcae-dt/values.yaml rename to kubernetes/sdc/components/sdc-dcae-dt/values.yaml index 96ba894fbf..17826716f6 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-dt/values.yaml @@ -20,6 +20,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-dcae-dt-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -31,6 +55,10 @@ pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/.helmignore b/kubernetes/sdc/components/sdc-dcae-fe/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/.helmignore rename to kubernetes/sdc/components/sdc-dcae-fe/.helmignore 
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-fe/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/Chart.yaml rename to kubernetes/sdc/components/sdc-dcae-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-fe/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-dcae-fe/resources/config/logging/logback.xml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/resources/config/logging/logback.xml rename to kubernetes/sdc/components/sdc-dcae-fe/resources/config/logging/logback.xml 
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-fe/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-dcae-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/configmap.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml rename to kubernetes/sdc/components/sdc-dcae-fe/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/deployment.yaml similarity index 85% rename from kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-dcae-fe/templates/deployment.yaml index 4f3f700084..f916ce5337 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py 
@@ -62,30 +62,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" 
@@ -108,7 +111,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP @@ -118,10 +121,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -159,13 +162,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/ingress.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/templates/ingress.yaml rename to kubernetes/sdc/components/sdc-dcae-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-fe/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml rename to kubernetes/sdc/components/sdc-dcae-fe/templates/service.yaml 
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/components/sdc-dcae-fe/values.yaml similarity index 75% rename from kubernetes/sdc/charts/sdc-dcae-fe/values.yaml rename to kubernetes/sdc/components/sdc-dcae-fe/values.yaml index f4a9dfb08f..f4d06454a3 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-fe/values.yaml @@ -20,6 +20,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-dcae-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -31,6 +55,10 @@ pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore b/kubernetes/sdc/components/sdc-dcae-tosca-lab/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-tosca-lab/.helmignore rename to kubernetes/sdc/components/sdc-dcae-tosca-lab/.helmignore 
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-tosca-lab/Chart.yaml rename to kubernetes/sdc/components/sdc-dcae-tosca-lab/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-dcae-tosca-lab/requirements.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/requirements.yaml new file mode 100644 index 0000000000..5969143629 --- /dev/null +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/NOTES.txt 
diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/deployment.yaml similarity index 99% rename from kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/deployment.yaml index 0c886a0b08..6eb1b3bae4 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/deployment.yaml @@ -71,7 +71,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: HOST_IP diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/service.yaml rename to kubernetes/sdc/components/sdc-dcae-tosca-lab/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/sdc/components/sdc-dcae-tosca-lab/values.yaml similarity index 98% rename from kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml rename to kubernetes/sdc/components/sdc-dcae-tosca-lab/values.yaml index ec5dc98893..c714ec81ee 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/sdc/components/sdc-dcae-tosca-lab/values.yaml @@ -36,6 +36,10 @@ config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m cassandraSslEnabled: "false" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-fe/.helmignore b/kubernetes/sdc/components/sdc-fe/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/.helmignore rename to kubernetes/sdc/components/sdc-fe/.helmignore 
diff --git a/kubernetes/sdc/charts/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/Chart.yaml rename to kubernetes/sdc/components/sdc-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-fe/requirements.yaml b/kubernetes/sdc/components/sdc-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/resources/config/logging/logback.xml rename to kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml 
diff --git a/kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/resources/config/plugins/plugins-configuration.yaml rename to kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-fe/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-fe/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/templates/configmap.yaml rename to kubernetes/sdc/components/sdc-fe/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml similarity index 82% rename from kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 8b3d4e7e44..0571f4bb5d 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" 
@@ -49,34 +49,46 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . }}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -98,7 +110,7 @@ spec: {{ include "common.resources" . | indent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: @@ -108,10 +120,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -141,13 +153,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-fe/templates/ingress.yaml rename to kubernetes/sdc/components/sdc-fe/templates/ingress.yaml 
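Review bot: Wrapping the whole `update-config` init container in `{{- if .Values.global.aafEnabled }}` also removes the `envsubst` loop when the flag is false, so nothing writes to `sdc-environments-output`, which the main container still mounts for its chef-solo environments and, in the later volumeMounts hunk, for the `org.onap.sdc.p12` and `org.onap.sdc.trust.jks` subPaths. Before this change the loop ran unconditionally and the stores came from the `sdc-cert` secret. If a deployment without AAF is still meant to work, keep the container and place the `{{- if .Values.global.aafEnabled }}` … `{{- end }}` pair around only the `export` and `cp` lines of the script; otherwise a comment next to `aafEnabled` in values.yaml should say the flag can no longer be turned off. The sdc-onboarding-be deployment makes the same change.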
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml similarity index 97% rename from kubernetes/sdc/charts/sdc-fe/templates/service.yaml rename to kubernetes/sdc/components/sdc-fe/templates/service.yaml index 2133990b60..efcde572a3 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -37,7 +37,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.global.security.disableHttp }} + {{ if not .Values.security.disableHttp }} # setting http port only if enabled {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml similarity index 78% rename from kubernetes/sdc/charts/sdc-fe/values.yaml rename to kubernetes/sdc/components/sdc-fe/values.yaml index 63c8ce7e72..e9ff284ffe 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml 
@@ -21,6 +21,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -40,6 +64,13 @@ config: workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" +#environment file +env: + name: AUTO + +security: + disableHttp: true + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/.helmignore b/kubernetes/sdc/components/sdc-onboarding-be/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-onboarding-be/.helmignore rename to kubernetes/sdc/components/sdc-onboarding-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-onboarding-be/Chart.yaml rename to kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml 
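Review bot: `aafDeployPass: demo123456!` puts a fixed deployer password into the chart defaults next to `aafDeployFqi`, so every install that does not override it shares the same credential and the value stays in repository history. Prefer leaving it empty and supplying it from an override or an existing Secret, and at minimum mark it with a comment such as `# demo credential only; override for any real deployment`. `aaf_add_config` also runs the agent with `showpass` and redirects the output to `mycreds.prop`, which presumably leaves the store passwords in clear text on the shared credentials volume, so that file deserves restrictive permissions. The same block is added to the values.yaml of sdc-onboarding-be, sdc-wfd-be and sdc-wfd-fe.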
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
new file mode 100644
index 0000000000..aad984e8d9
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-onboarding-be/requirements.yaml
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
similarity index 100%
rename from kubernetes/sdc/charts/sdc-onboarding-be/resources/config/logging/logback.xml
rename to kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-onboarding-be/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-onboarding-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-onboarding-be/templates/configmap.yaml rename to kubernetes/sdc/components/sdc-onboarding-be/templates/configmap.yaml diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml similarity index 79% rename from kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index f2baa1fd90..6f1e2a9b61 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" 
@@ -49,43 +49,33 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} - name: {{ include "common.name" . }}-update-config image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - sh + - sh args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done" - env: - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: keystore_password - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-sdc-cs-secrets - key: truststore_password - volumeMounts: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.fullname" . 
}}-environments mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ - - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - - -c - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert - securityContext: - runAsUser: 0 - volumeMounts: - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "/onboard/cert" + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -113,11 +103,11 @@ spec: {{ include "common.resources" . | indent 12 }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: SDC_CLUSTER_NAME - value: "SDC-CS-{{ .Values.global.env.name }}" + value: "SDC-CS-{{ .Values.env.name }}" - name: cassandra_ssl_enabled value: {{ .Values.config.cassandraSslEnabled | quote }} - name: HOST_IP @@ -135,10 +125,10 @@ spec: volumeMounts: - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/environments/ - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-cert + - name: sdc-environments-output mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - name: {{ include "common.fullname" . }}-localtime @@ -149,8 +139,6 @@ spec: - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml - - name: {{ include "common.fullname" . }}-cert-storage - mountPath: "{{ .Values.cert.certDir }}" lifecycle: postStart: exec: 
@@ -167,13 +155,10 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap @@ -190,8 +175,5 @@ spec: emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} - - name: {{ include "common.fullname" . }}-cert-storage - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml similarity index 98% rename from kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml rename to kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 39758bc943..936c7c41b5 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: mountPath: /home/sdc/chef-solo/environments/ env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: HOST_IP valueFrom: fieldRef: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-onboarding-be/templates/service.yaml rename to kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml 
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml similarity index 73% rename from kubernetes/sdc/charts/sdc-onboarding-be/values.yaml rename to kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f42b500376..2e5d91e76b 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -21,6 +21,42 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + persistence: {} + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-onboarding-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. 
@@ -38,6 +74,10 @@ config: javaOptions: "-Xmx1g -Xms1g" cassandraSslEnabled: "false" +#environment file +env: + name: AUTO + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-wfd-be/.helmignore b/kubernetes/sdc/components/sdc-wfd-be/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-be/.helmignore rename to kubernetes/sdc/components/sdc-wfd-be/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-be/Chart.yaml rename to kubernetes/sdc/components/sdc-wfd-be/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' \ No newline at end of file 
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-be/templates/NOTES.txt rename to kubernetes/sdc/components/sdc-wfd-be/templates/NOTES.txt diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl rename to kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml similarity index 82% rename from kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml rename to kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 92fe5f22af..b188cdae98 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" 
@@ -55,6 +55,20 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password + export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} + export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-be.internalPort" . }} # disable liveness probe when breakpoints set in debugger 
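Review bot: `export $(grep '^c' …/mycreds.prop | xargs -0)` depends on unquoted word splitting, so a generated password containing whitespace or a glob character such as `*` would be split or expanded before `export` sees it, and `'^c'` exports every property whose name starts with c rather than the two that are used. Narrowing the pattern, e.g. `grep -E '^cadi_(keystore_password_p12|truststore_password)='`, and running `set -f` before the `export` would remove the glob and over-export cases; whitespace inside a value would still need a line-by-line read. The exported passwords are also inherited by `./startup.sh` and everything it starts, which is worth a comment. The same line appears in the sdc-fe and sdc-onboarding-be init containers and in the sdc-wfd-fe container command.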
@@ -106,28 +120,9 @@ spec: value: "{{ .Values.config.serverSSLEnabled }}" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - - name: SERVER_SSL_KEYSTORE_PATH - value: "{{ .Values.config.serverSSLKeyStorePath }}" - - name: SERVER_SSL_KEY_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" - - name: SERVER_SSL_TRUSTSTORE_PATH - value: "{{ .Values.config.serverSSLTrustStorePath }}" - - name: SERVER_SSL_TRUST_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - volumeMounts: - - name: sdc-cert - mountPath: /keystore - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /truststore - subPath: org.onap.sdc.trust.jks - volumes: - - name: sdc-cert - secret: - secretName: sdc-cert + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-be/templates/ingress.yaml rename to kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml rename to kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml 
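Review bot: The keystore and truststore path and password variables are deleted from `env` for every configuration, but their replacements are only exported by the `command` block that the earlier hunk adds under `{{- if .Values.global.aafEnabled }}`. With the flag off, the container still receives the value of `.Values.config.serverSSLEnabled` and the two store types, yet no `SERVER_SSL_KEYSTORE_PATH`, `SERVER_SSL_KEY_PASSWORD`, `SERVER_SSL_TRUSTSTORE_PATH` or `SERVER_SSL_TRUST_PASSWORD`. Either keep equivalent `env` entries in an `{{- else }}` branch or document on `aafEnabled` that disabling it is unsupported. The sdc-wfd-fe deployment removes `KEYSTORE_PASS`, `TRUSTSTORE_PASS`, `TRUSTSTORE_PATH` and `KEYSTORE_PATH` the same way.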
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
similarity index 100%
rename from kubernetes/sdc/charts/sdc-wfd-be/templates/service.yaml
rename to kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
similarity index 71%
rename from kubernetes/sdc/charts/sdc-wfd-be/values.yaml
rename to kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 4ab95048ca..da5ae38ad5 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -21,6 +21,41 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -38,22 +73,19 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS sdcEndpoint: sdc-be:8443 sdcExternalUser: workflow - serverSSLEnabled: true - serverSSLKeyStoreType: jks - serverSSLKeyStorePath: /home/sdc/etc/keystore - serverSSLTrustStoreType: jks - serverSSLTrustStorePath: /home/sdc/etc/truststore - cassandraSSLEnabled: false cassandraTrustStorePath: /home/sdc/etc/truststore +# environment file +env: + name: AUTO + # default number of instances replicaCount: 1 
@@ -82,7 +114,6 @@ service: externalPort2: 8443 nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property - ingress: enabled: false service: @@ -91,7 +122,7 @@ ingress: port: 8443 config: ssl: "redirect" - + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-fe/.helmignore rename to kubernetes/sdc/components/sdc-wfd-fe/.helmignore diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-fe/Chart.yaml rename to kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml 
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt
similarity index 100%
rename from kubernetes/sdc/charts/sdc-wfd-fe/templates/NOTES.txt
rename to kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
similarity index 100%
rename from kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
rename to kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
similarity index 66%
rename from kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
rename to kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
index 061b765f9a..ad10480a3f 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py 
@@ -48,10 +48,39 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-move-cert + command: + - /bin/sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }} + cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: sdc-certs + mountPath: /sdc-certs + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }} + export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} ports: - containerPort: {{ template "wfd-fe.internalPort" . }} {{ if .Values.liveness.enabled }} @@ -68,7 +97,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: ENVNAME - value: {{ .Values.global.env.name }} + value: {{ .Values.env.name }} - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND 
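Review bot: `KEYSTORE_PATH` and `TRUSTSTORE_PATH` are now exported as absolute paths under `/etc/`, while the stores are mounted at `/var/lib/jetty/etc/…` by the volumeMounts hunk further down and the values being replaced were relative (`storePath: "etc"`). Unless startup.sh prefixes the Jetty base itself, which this diff does not show, the server would look for the files in the wrong directory. `export KEYSTORE_PATH=etc/{{ .Values.certInitializer.keystoreFile }}` and the matching truststore line would keep the previous form. The container definition continues outside the hunk.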
@@ -76,16 +105,6 @@ spec: - name: IS_HTTPS value: "{{ .Values.config.isHttpsEnabled}}" {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - - name: KEYSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password} - - name: TRUSTSTORE_PASS - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password} - - name: TRUSTSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" - - name: KEYSTORE_PATH - value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" {{ end }} @@ -93,12 +112,17 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-cert - mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + mountPath: /sdc-certs + subpath: mycreds.prop + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} + subPath: {{ .Values.certInitializer.keystoreFile }} + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} + subPath: {{ .Values.certInitializer.truststoreFile }} + {{ end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
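Review bot: In the added `sdc-certs` mount, `subpath: mycreds.prop` is spelled with a lower-case p; the Kubernetes field is `subPath`, so this key is either rejected by schema validation or ignored. The container command reads `/sdc-certs/mycreds.prop`, which needs the whole volume mounted at `/sdc-certs`, so the line should be removed rather than corrected to `subPath`. The block is also opened with `{{- if .Values.global.aafEnabled }}` and closed with `{{ end }}`, unlike the `{{- end }}` used for the other aafEnabled blocks in this file.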
@@ -121,13 +145,15 @@ spec: mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-data-filebeat mountPath: /usr/share/filebeat/data - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: sdc-cert - secret: - secretName: sdc-cert + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + emptyDir: + medium: "Memory" + {{- end }} - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-sdc-filebeat-configmap diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml rename to kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml similarity index 100% rename from kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml rename to kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml similarity index 81% rename from kubernetes/sdc/charts/sdc-wfd-fe/values.yaml rename to kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 1e6e3fe018..7bb1b24ad6 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml 
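Review bot: The new `sdc-certs` volume is an `emptyDir` with `medium: "Memory"` but no `sizeLimit`, so anything written there is charged to the pod's memory and is bounded only by the container or node limit. Keeping the keystores and `mycreds.prop` on tmpfs rather than on node disk is the right choice for credential material. Because the volume holds only two stores and one properties file, a small cap such as `sizeLimit: 1Mi` (constructed value, size it to the real stores) would document the intent and contain a runaway write. The `volumes:` list continues outside the hunk.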
@@ -21,6 +21,30 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -40,11 +64,13 @@ config: # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. + +#environment file +env: + name: AUTO + security: isDefaultStore: false - truststoreFilename: "org.onap.sdc.trust.jks" - keystoreFilename: "org.onap.sdc.p12" - storePath: "etc" # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml index 2ce7b9dc24..fc27a7b634 100644 --- a/kubernetes/sdc/requirements.yaml +++ b/kubernetes/sdc/requirements.yaml 
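Review bot: `aafDeployPass: demo123456!` in the new `certInitializer` block puts the AAF deployer password into the chart's default values, so every installation that does not override it shares a publicly known credential for `deployer@people.osaaf.org`. Prefer leaving the default empty and sourcing the password from an externally managed Secret. At minimum, add a comment such as `# demo-only credential, must be overridden outside lab deployments`. The `aaf_add_config` command also runs `agent.sh local showpass` and redirects the output to `{{ .Values.credsPath }}/mycreds.prop`, which writes the store passwords in clear text. A comment should say so, and the file should be readable only by the containers that need it.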
@@ -14,15 +14,39 @@ # limitations under the License. dependencies: - - name: common + - name: sdc-be version: ~6.x-0 - repository: '@local' - - - name: cassandra + repository: 'file://components/sdc-be' + - name: sdc-cs version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - condition: global.cassandra.localCluster - + repository: 'file://components/sdc-cs' + - name: sdc-fe + version: ~6.x-0 + repository: 'file://components/sdc-fe' + - name: sdc-onboarding-be + version: ~6.x-0 + repository: 'file://components/sdc-onboarding-be' + - name: sdc-wfd-be + version: ~6.x-0 + repository: 'file://components/sdc-wfd-be' + condition: sdc-wfd.enabled + - name: sdc-wfd-fe + version: ~6.x-0 + repository: 'file://components/sdc-wfd-fe' + condition: sdc-wfd.enabled + - name: sdc-dcae-be + version: ~6.x-0 + repository: 'file://components/sdc-dcae-be' + condition: sdc-dcaed.enabled + - name: sdc-dcae-dt + version: ~6.x-0 + repository: 'file://components/sdc-dcae-dt' + condition: sdc-dcaed.enabled + - name: sdc-dcae-tosca-lab + version: ~6.x-0 + repository: 'file://components/sdc-dcae-tosca-lab' + condition: sdc-dcaed.enabled + - name: sdc-dcae-fe + version: ~6.x-0 + repository: 'file://components/sdc-dcae-fe' + condition: sdc-dcaed.enabled \ No newline at end of file diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 deleted file mode 100644 index 446856071b..0000000000 Binary files a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 and /dev/null differ diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks deleted file mode 100644 index e6686cc08c..0000000000 Binary files a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks and /dev/null differ 
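Review bot: This rewrite of `dependencies:` drops the `cassandra` entry and its `condition: global.cassandra.localCluster`, but the parent `values.yaml` hunks later in this diff still carry a top-level `cassandra:` block (`persistence.mountSubPath: sdc/sdc-cs/CS`) and the comment describing the local-cluster flag. Top-level values keyed by a chart name reach only a direct dependency of that name. Unless one of the new `file://components/...` charts declares cassandra itself (not visible here), that block is now dead configuration and the local cluster would no longer be deployed from this chart. Either move the settings under the component that owns the dependency or add a comment in `values.yaml` saying where they are consumed. The file also loses its final newline (`\ No newline at end of file`).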
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 2bd165b723..b38b1f65aa 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -1,6 +1,6 @@ { - "name": "{{ .Values.global.env.name }}", - "description": "OpenSource-{{ .Values.global.env.name }}", + "name": "{{ .Values.env.name }}", + "description": "OpenSource-{{ .Values.env.name }}", "cookbook_versions": { "Deploy-SDandC": "= 1.0.0" }, @@ -107,7 +107,8 @@ }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", - "truststore_pwd": "${TRUSTSTORE_PASS}" + "truststore_pwd": "${TRUSTSTORE_PASS}", + "keymanager_pwd": "${KEYMANAGER_PASS}" } } } diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml index 6187104ce6..dd61412d40 100644 --- a/kubernetes/sdc/templates/secrets.yaml +++ b/kubernetes/sdc/templates/secrets.yaml @@ -36,17 +36,3 @@ data: keystore_password: "{{ .Values.global.secrets.keystore_password }}" # workflow wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" ---- -apiVersion: v1 -kind: Secret -metadata: - name: sdc-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 2694b5de80..af0d2a9750 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -15,8 +15,6 @@ global: persistence: {} - env: - name: AUTO secrets: sdc_user: YXNkY191c2Vy sdc_password: QWExMjM0JV4h 
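Review bot: The added `"keymanager_pwd": "${KEYMANAGER_PASS}"` in the `jetty` block introduces a third placeholder, but no hunk visible in this part of the diff sets `KEYMANAGER_PASS`. The sdc-wfd-fe wrapper, for example, exports only `KEYSTORE_PASS` and `TRUSTSTORE_PASS`. The deployments that render this environment file are outside this chunk, so confirm that each of them exports the variable before substitution runs. If it is unset, the key-manager password would be written as an empty string or as the literal `${KEYMANAGER_PASS}`, and Jetty would then fail at TLS start-up rather than at deploy time. If it is meant to equal the keystore password, state that where the variable is defined.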
@@ -30,6 +28,7 @@ global: ubuntuInitImage: ubuntu-init:1.0.0 busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest + aafEnabled: true cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled @@ -44,6 +43,11 @@ global: security: disableHttp: true envsubstImage: dibi/envsubst + +# Environment file +env: + name: AUTO + config: logstashServiceName: log-ls logstashPort: 5044 @@ -60,3 +64,9 @@ cassandra: persistence: mountSubPath: sdc/sdc-cs/CS enabled: true + +# dependency / sub-chart configuration +sdc-wfd: + enabled: true +sdc-dcaed: + enabled: true \ No newline at end of file diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties new file mode 100644 index 0000000000..f114a9c65b --- /dev/null +++ b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties 
@@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=RAN-Slice-Mgmt +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index 4c288b2a6f..e3dfa869ee 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -104,6 +104,9 @@ spec: - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties name: properties subPath: dmaap-consumer-oofpcipoc.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties + name: properties + subPath: dmaap-consumer-RANSlice.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index be4adf4bcd..aee6f25f87 100644 
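Review bot: The new consumer file sets `sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:…/restconf/operations` next to `sdnc.odl.user=${ODL_USER}` and `sdnc.odl.password=${ODL_PASSWORD}`, so the ODL credentials are presumably sent over plain HTTP on every RESTCONF call. `TransportType=HTTPNOAUTH` with `Protocol =http` likewise leaves the `RAN-Slice-Mgmt` subscription unauthenticated and unencrypted. If this deliberately matches the existing consumer property files, add a header comment such as `# cleartext in-cluster transport; relies on network policy / mesh TLS for confidentiality`. Otherwise point `url-base` at the HTTPS listener. `Environment =TEST` and `AFT_ENVIRONMENT=AFTUAT` also look like test defaults and should be confirmed for a shipped chart.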
--- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -187,7 +187,7 @@ config: numberGGLogFiles: 10 # enables sdnr functionality sdnr: - enabled: true + enabled: false # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default), # mode: dm - SDNC contains sdnr device manager + ODLUX components mode: dm diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml deleted file mode 100644 index c4fb9a49d5..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP SO ETSI NFVO NS LCM -name: so-etsi-nfvo-ns-lcm -version: 6.0.0 diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml deleted file mode 100644 index 13d72d891b..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} - version: v19 - endpoint: https://aai.{{ include "common.namespace" . }}:8443 -spring: - security: - usercredentials: - - username: ${ETSI_NFVO_USERNAME} - password: ${ETSI_NFVO_PASSWORD} - role: ETSI-NFVO-Client -server: - port: {{ .Values.containerPort }} - tomcat: - max-threads: 50 -mso: - key: {{ .Values.mso.key }} -so: - adapters: - sol003-adapter: - url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 - auth: {{ .Values.so.sol003.adapter.auth }} -etsi-catalog-manager: - base: - {{- if .Values.global.msbEnabled }} - endpoint: https://msb-iag:443/api - http: - client: - ssl: - trust-store: ${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} - {{- else }} - endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api - {{- end }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml deleted file mode 100644 index 3b2e50cd0c..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/configmap.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-app-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml deleted file mode 100644 index 0d16ded26d..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} - strategy: - type: {{ index .Values.updateStrategy.type }} - rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: {{ include "common.resources" . 
| nindent 12 }} - env: - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - {{- if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} - - name: ETSI_NFVO_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} - - name: ETSI_NFVO_PASSWORD_INPUT - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} - envFrom: - - configMapRef: - name: {{ include "common.fullname" . }}-configmap - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} - - name: logs - mountPath: /app/logs - - name: config - mountPath: /app/config - readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readonly: true - livenessProbe: - tcpSocket: - port: {{ index .Values.livenessProbe.port }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} - ports: {{ include "common.containerPorts" . | nindent 12 }} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - - name: logs - emptyDir: {} - - name: config - configMap: - name: {{ include "common.fullname" . }}-app-configmap - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . 
}}-so-truststore-secret - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml deleted file mode 100644 index 443e76b76e..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/ingress.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.ingress" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml deleted file mode 100644 index 493cfe5f88..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} 
diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml deleted file mode 100644 index a1290de24b..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml deleted file mode 100644 index 20f5de8a60..0000000000 --- a/kubernetes/so/charts/so-etsi-nfvo-ns-lcm/values.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Copyright © 2020 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - persistence: - mountPath: /dockerdata-nfs - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - - uid: etsi-nfvo-nslcm-creds - name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' - login: '{{ .Values.etsi.nfvo.nslcm.username }}' - password: '{{ .Values.etsi.nfvo.nslcm.password }}' - -################################################################# -# Application configuration defaults. 
-################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/so-etsi-nfvo-ns-lcm:1.7.1 -pullPolicy: Always - -etsi: - nfvo: - nslcm: - username: so-etsi-nfvo-ns-lcm -replicaCount: 1 -minReadySeconds: 10 -containerPort: 9095 -logPath: ./logs/so-etsi-nfvo-ns-lcm/ -app: so-etsi-nfvo-ns-lcm -service: - type: ClusterIP - name: so-etsi-nfvo-ns-lcm - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - ports: - - name: nfvo-nslcm-port - port: 9095 -updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - memory: 4Gi - cpu: 2000m - requests: - memory: 1Gi - cpu: 500m - large: - limits: - memory: 8Gi - cpu: 4000m - requests: - memory: 2Gi - cpu: 1000m - unlimited: {} -livenessProbe: - port: 9095 - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 -ingress: - enabled: false - service: - - baseaddr: "soetsinfvonslcm" - name: "so-etsi-nfvo-ns-lcm" - port: 9095 - config: - ssl: "redirect" -nodeSelector: {} -tolerations: [] -affinity: {} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index 88d805d81e..89b6ada3fd 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -13,7 +13,7 @@ # limitations under the License. server: - port: {{ (index .Values.service.ports 0).port }} + port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml index d244f7abf5..0620a0b052 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -50,7 +50,7 @@ service: "version": "v1", "url": "/", "protocol": "REST", - "port": "{{ (index .Values.service.ports 0).port }}", + "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", "visualRange": "1" } ]{{ end }} diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml index bdcecddfa3..5e9a62f00d 100644 --- a/kubernetes/so/templates/secret.yaml +++ b/kubernetes/so/templates/secret.yaml @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 8d037868a2..328f4f296e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -449,17 +449,6 @@ so-vnfm-adapter: apiEnforcement: org.onap.so.vnfmAdapterPerm noAuthn: /manage/health -so-etsi-nfvo-ns-lcm: - certSecret: *so-certs - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - so: - sol003: - adapter: - auth: Basic dm5mbTpwYXNzd29yZDEk - so-mariadb: db: rootPasswordExternalSecretLocalDb: *dbRootPassSecretName