From: Sylvain Desbureaux Date: Thu, 20 Feb 2020 08:18:05 +0000 (+0000) Subject: Merge "[OOF] Use common secret template for mariadb credentials" X-Git-Tag: 6.0.0~374 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=1c601a207ebdac9c3b14a6b5c035aa48a50ca5a1;hp=d74a65962b4ece0e89b0ef66912ce367a6187e15;p=oom.git Merge "[OOF] Use common secret template for mariadb credentials" --- diff --git a/INFO.yaml b/INFO.yaml index 06cad4718e..b440169e6b 100644 --- a/INFO.yaml +++ b/INFO.yaml @@ -29,8 +29,6 @@ meetings: time: '14:00 UTC' repositories: - 'oom' - - 'oom-offline-installer' - - 'oom-registrator' committers: - <<: *onap_releng_ptl - name: 'Alexis de Talhouët' @@ -87,6 +85,6 @@ tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' changes: - type: 'Addition' - name: 'Brian Freeman' - name: 'Yang Xu' - link: 'TBD' + name: 'Krzysztof Opasiak' + # yamllint disable-line rule:line-length + link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499' diff --git a/kubernetes/aai b/kubernetes/aai index 764cd85147..23f076495d 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit 764cd8514707c1630dbfa6792b8d15953d5b9a59 +Subproject commit 23f076495d36081f34a367067918d15fcc5ada8d diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml new file mode 100755 index 0000000000..3a3a1ce095 --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml @@ -0,0 +1,35 @@ +hazelcast: + cp-subsystem: + cp-member-count: {{ .Values.replicaCount }} + group-size: {{ .Values.cluster.groupSize }} + session-time-to-live-seconds: 10 + session-heartbeat-interval-seconds: 5 + missing-cp-member-auto-removal-seconds: 120 + fail-on-indeterminate-operation-state: false + raft-algorithm: + leader-election-timeout-in-millis: 2000 + leader-heartbeat-period-in-millis: 5000 + max-missed-leader-heartbeat-count: 5 + append-request-max-entry-count: 50 + commit-index-advance-count-to-snapshot: 1000 + uncommitted-entry-count-to-reject-new-appends: 100 + append-request-backoff-timeout-in-millis: 100 + network: + enabled: true + rest-api: + enabled: true + endpoint-groups: + HEALTH_CHECK: + enabled: true + CP: + enabled: true + join: + multicast: + enabled: false + kubernetes: + enabled: true + namespace: {{ include "common.namespace" . }} + service-name: {{ include "common.servicename" . }}-cluster + resolve-not-ready-addresses: true + # service-label-name: MY-SERVICE-LABEL-NAME + # service-label-value: MY-SERVICE-LABEL-VALUE diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index a90e4d7b68..749e9a4637 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -24,6 +24,18 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + # This allow a new pod to be ready before terminating the old one + # causing no downtime when replicas is set to 1 + maxUnavailable: 0 + + # maxSurge to 1 is very important for the hazelcast integration + # we only want one pod at a time to restart not multiple + # and break the hazelcast cluster. We should not use % maxSurge value + # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/ + maxSurge: 1 template: metadata: labels: @@ -56,9 +68,23 @@ spec: env: - name: APP_CONFIG_HOME value: {{ .Values.config.appConfigDir }} + - name: USE_SCRIPT_COMPILE_CACHE + value: {{ .Values.config.useScriptCompileCache | quote }} + # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly + - name: CLUSTER_ENABLED + value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} + - name: CLUSTER_ID + value: {{ .Values.cluster.clusterName }} + - name: CLUSTER_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CLUSTER_CONFIG_FILE + value: {{ .Values.config.appConfigDir }}/hazelcast.yaml ports: - containerPort: {{ .Values.service.http.internalPort }} - containerPort: {{ .Values.service.grpc.internalPort }} + - containerPort: {{ .Values.service.cluster.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -93,6 +119,9 @@ spec: - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml + - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml + name: {{ include "common.fullname" . }}-config + subPath: hazelcast.yaml - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer name: {{ include "common.fullname" . }}-config @@ -122,6 +151,8 @@ spec: path: application.properties - key: logback.xml path: logback.xml + - key: hazelcast.yaml + path: hazelcast.yaml - key: ONAP_RootCA.cer path: ONAP_RootCA.cer - name: {{ include "common.fullname" . }}-blueprints diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml index 411df8631c..a6a21a6a01 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml @@ -56,3 +56,27 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-cluster + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.cluster.type }} + ports: + - port: {{ .Values.service.cluster.externalPort }} + targetPort: {{ .Values.service.cluster.internalPort }} + {{- if eq .Values.service.cluster.type "NodePort"}} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }} + {{- end}} + name: {{ .Values.service.cluster.portName | default "cluster" }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 781b5383fe..35661c29e9 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -47,6 +47,7 @@ debugEnabled: false # application configuration config: appConfigDir: /opt/app/onap/config + useScriptCompileCache: true # default number of instances replicaCount: 1 @@ -85,6 +86,11 @@ service: portName: blueprints-processor-grpc internalPort: 9111 externalPort: 9111 + cluster: + type: ClusterIP + portName: blueprints-processor-cluster + internalPort: 5701 + externalPort: 5701 persistence: volumeReclaimPolicy: Retain @@ -94,6 +100,17 @@ persistence: mountSubPath: cds/blueprints/deploy deployedBlueprint: /opt/app/onap/blueprints/deploy +cluster: + # Cannot have cluster enabled if the replicaCount is not at least 3 + # AND config value useScriptCompileCache is not set to false + enabled: false + + clusterName: cds-cluster + + # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be + # between 3 and 7 only. + groupSize: 3 + ingress: enabled: false service: diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js similarity index 78% rename from kubernetes/common/dgbuilder/resources/scripts/customSettings.js rename to kubernetes/common/dgbuilder/resources/config/customSettings.js index 66b7b5ed15..42c2e5728b 100644 --- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -26,31 +26,31 @@ module.exports={ "sharedDir": "releases/sdnc1.0/flows/shared", "userDir": "releases/sdnc1.0", "httpAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_USER}", + "pass": "${HTTP_PASSWORD}" }, "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}", "dbPort": "3306", - "dbName": "sdnctl", - "dbUser": "sdnctl", - "dbPassword": "{{.Values.config.dbSdnctlPassword}}", + "dbName": "{{.Values.config.db.dbName}}", + "dbUser": "${DB_USER}", + "dbPassword": "${DB_PASSWORD}", "gitLocalRepository": "", "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph", - "restConfUser": "admin", - "restConfPassword": "admin", + "restConfUser": "${REST_CONF_USER}", + "restConfPassword": "${REST_CONF_PASSWORD}", "formatXML": "Y", "formatJSON": "Y", "httpRoot": "/", "disableEditor": false, "httpAdminRoot": "/", "httpAdminAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_ADMIN_USER}", + "pass": "${HTTP_ADMIN_PASSWORD}" }, "httpNodeRoot": "/", "httpNodeAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_NODE_USER}", + "pass": "${HTTP_NODE_PASSWORD}" }, "uiHost": "0.0.0.0", "version": "0.9.1", diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index b780cafbcd..28612a270b 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -13,7 +13,7 @@ # limitations under the License. org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.user=${DB_USER} +org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD} diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh deleted file mode 100755 index b037058c2b..0000000000 --- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash -export PATH=$PATH:. -appDir=$(pwd) -if [ "$#" != 3 -a "$#" != 4 ] -then - echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]" - echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository" - exit -fi -if [ ! -e "releases" ] -then - mkdir releases -fi -releaseDir="$1" -name="Release $releaseDir" -loginId="$2" -emailid="$3" -dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}" -dbPort="3306" -dbName="sdnctl" -dbUser="sdnctl" -dbPassword="{{.Values.config.dbSdnctlPassword}}" -gitLocalRepository="$4" - -lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1) -echo $lastPort|grep uiPort >/dev/null 2>&1 -if [ "$?" == "0" ] -then -lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1) -fi -#echo $lastPort -if [ "${lastPort}" == "" ] -then - lastPort="3099" -fi -let nextPort=$(expr $lastPort+1) -#echo $nextPort -if [ ! -e "releases/$releaseDir" ] -then -mkdir releases/$releaseDir -cd releases/$releaseDir -mkdir flows -mkdir flows/shared -mkdir flows/shared/backups -mkdir html -mkdir xml -mkdir lib -mkdir lib/flows -mkdir logs -mkdir conf -mkdir codecloud -customSettingsFile="customSettings.js" -if [ ! -e "./$customSettingsFile" ] -then - echo "module.exports = {" >$customSettingsFile - echo " 'name' : '$name'," >>$customSettingsFile - echo " 'emailAddress' :'$emailid'," >>$customSettingsFile - echo " 'uiPort' :$nextPort," >>$customSettingsFile - echo " 'mqttReconnectTime': 15000," >>$customSettingsFile - echo " 'serialReconnectTime' : 15000," >>$customSettingsFile - echo " 'debugMaxLength': 1000," >>$customSettingsFile - echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile - echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile - echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile - echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile - echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile - echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile - echo " 'dbHost': '$dbHost'," >>$customSettingsFile - echo " 'dbPort': '$dbPort'," >>$customSettingsFile - echo " 'dbName': '$dbName'," >>$customSettingsFile - echo " 'dbUser': '$dbUser'," >>$customSettingsFile - echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile - echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile - echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile - echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile - echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile - echo " 'formatXML': '$formatXML'," >>$customSettingsFile - echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile - echo " 'enableHttps': true" >>$customSettingsFile - echo " }" >>$customSettingsFile -fi - #echo "Created custom settings file $customSettingsFile" - echo "Done ....." -else - echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir" - exit -fi -#echo "Content of custom settings file" -#echo "============================================================================" -# cat $customSettingsFile -#echo "============================================================================" -svclogicPropFile="./conf/svclogic.properties" -if [ ! -d "${appDir}/yangFiles" ] -then - mkdir -p "${appDir}/yangFiles" -fi -if [ ! -d "${appDir}/generatedJS" ] -then - mkdir -p "${appDir}/generatedJS" -fi - -if [ ! -e "./$svclogicPropFile" ] -then - echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile -fi -if [ ! -e "${appDir}/flowShareUsers.js" ] -then - echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js - echo " [" >>${appDir}/flowShareUsers.js - echo " ]" >>${appDir}/flowShareUsers.js - echo "}" >>${appDir}/flowShareUsers.js -fi -grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1 -if [ "$?" != "0" ] -then - num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l) - if [ $num_of_lines -gt 4 ] - then - content=$(head -n -2 ${appDir}/flowShareUsers.js) - echo "${content}," > ${appDir}/flowShareUsers.js - else - content=$(head -n -2 ${appDir}/flowShareUsers.js) - echo "$content" > ${appDir}/flowShareUsers.js - fi - echo " {" >> ${appDir}/flowShareUsers.js - echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js - echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js - echo " }" >> ${appDir}/flowShareUsers.js - echo " ]" >> ${appDir}/flowShareUsers.js - echo "}" >> ${appDir}/flowShareUsers.js -fi diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml index 24f61b5487..828818c68d 100644 --- a/kubernetes/common/dgbuilder/templates/configmap.yaml +++ b/kubernetes/common/dgbuilder/templates/configmap.yaml @@ -24,16 +24,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-scripts - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 495c4c6ab6..b3f0ab05a3 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -31,6 +31,40 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: HTTP_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} + - name: HTTP_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} + - name: HTTP_ADMIN_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} + - name: HTTP_ADMIN_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }} + - name: HTTP_NODE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} + - name: HTTP_NODE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} + - name: REST_CONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: REST_CONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /root/ready.py args: @@ -59,11 +93,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: @@ -79,10 +108,7 @@ spec: - name: config mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties subPath: svclogic.properties - - name: scripts - mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh - subPath: createReleaseDir.sh - - name: scripts + - name: config mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js subPath: customSettings.js resources: @@ -99,12 +125,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config + - name: config-input configMap: name: {{ include "common.fullname" . }}-config - - name: scripts - configMap: - name: {{ include "common.fullname" . }}-scripts - defaultMode: 0755 + - name: config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml index e00d7cfc03..c9a409fdca 100644 --- a/kubernetes/common/dgbuilder/templates/secrets.yaml +++ b/kubernetes/common/dgbuilder/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T, Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} \ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index fa205e227e..96d7dffb0a 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -31,6 +31,9 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + # image pull policy pullPolicy: Always @@ -42,6 +45,40 @@ global: # flag to enable debugging - application support required debugEnabled: true +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-root-password' + type: password + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.config.dbRootPassword }}' + - uid: 'db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.dbSdnctlPassword }}' + - uid: 'http-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}' + login: '{{ .Values.config.httpUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}' + login: '{{ .Values.config.adminUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'node-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}' + login: '{{ .Values.config.nodeUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'restconf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + ################################################################# # Application configuration defaults. ################################################################# @@ -55,6 +92,32 @@ debugEnabled: false # application configuration config: + db: + dbName: sdnctl + # unused for now to preserve the API + rootPassword: openECOMP1.0 + # rootPasswordExternalSecret: some secret + userName: sdnctl + # unused for now to preserve the API + userPassword: gamma + # userCredentialsExternalSecret: some secret + httpUser: dguser + # unused for now to preserve the API + httpPassword: cc03e747a6afbbcbf8be7668acfebee5 + # httpCredsExternalSecret: some secret + adminUser: dguser + # unused for now to preserve the API + adminPassword: cc03e747a6afbbcbf8be7668acfebee5 + # adminCredsExternalSecret: some secret + nodeUser: dguser + # unused for now to preserve the API + nodePassword: cc03e747a6afbbcbf8be7668acfebee5 + # nodeCredsExternalSecret: some secret + restconfUser: admin + # unused for now to preserve the API + restconfPassword: admin + # restconfCredsExternalSecret: some secret + dbRootPassword: openECOMP1.0 dbSdnctlPassword: gamma dbPodName: mysql-db diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml index fa25f19077..a47d3ed56e 100644 --- a/kubernetes/common/postgres/templates/pvc-primary.yaml +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -41,5 +41,4 @@ spec: {{- else }} storageClassName: {{ include "common.storageClass" . }} {{- end }} - storageClassName: "{{ include "common.fullname" . }}-primary" {{- end -}} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index c2131e9ad0..7aff189ba9 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -48,7 +48,7 @@ busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.4-2.0.0 +image: crunchy-postgres:centos7-10.11-4.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md new file mode 100644 index 0000000000..dced68d7c6 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md @@ -0,0 +1,23 @@ +# Motivations +Ingress controller implementation in the ONAP cluster is based on the virtual host routing. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +# How to deploy test DNS server: +Run script ./deploy\_dns.sh + +# How to add DNS address on testing machines: +See post deploy info + +# Test DNS inside cluster (optional) +1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke) +~~~yaml +dns: + provider: coredns + upstreamnameservers: + - :31555 +~~~ +2. You can edit coredns configuration with command: + kubectl -n kube-system edit configmap coredns + diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore new file mode 100644 index 0000000000..dacad44a66 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore @@ -0,0 +1,37 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml new file mode 100644 index 0000000000..a618fd792c --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml @@ -0,0 +1,20 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +appVersion: "1.0" +description: bind9 DNS server for kubernetes cluster +name: bind9dns +version: 0.1.0 diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt new file mode 100644 index 0000000000..7211966b89 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the installed DNS host and port by running this commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range $.Values.ingress.paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo DNS host: $NODE_IP dns port: $NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl new file mode 100644 index 0000000000..3efbbbf831 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* + + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "bind9dns.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bind9dns.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bind9dns.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml new file mode 100644 index 0000000000..1a76ba0a96 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml @@ -0,0 +1,76 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DNS_FORWARDER + value: {{ .Values.dnsconf.forwarder }} + - name: WILDCARD_DNS + value: {{ .Values.dnsconf.wildcard }} + - name: ALLOW_RECURSION + value: any + - name: ALLOW_QUERY + value: any + ports: + - name: dnsport + containerPort: {{ .Values.service.port }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml new file mode 100644 index 0000000000..715f2ff78e --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: TCP + name: dnstcp + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: UDP + name: dnsudp + selector: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml new file mode 100644 index 0000000000..4fe5d05b02 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml @@ -0,0 +1,34 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "bind9dns.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml new file mode 100644 index 0000000000..c9e19f41d0 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml @@ -0,0 +1,46 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +replicaCount: 1 + +image: + repository: luccksam/docker-bind + tag: 0.1.0 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: + type: NodePort + port: 53 + nodePort: 31555 + +ingress: + enabled: false + annotations: {} + paths: [] + hosts: + - dnsserver.local + tls: [] + +resources: {} +nodeSelector: {} +tolerations: [] +affinity: {} + +dnsconf: + forwarder: "8.8.8.8,8.8.4.4" + wildcard: "simpledemo.onap.org=0.0.0.0" diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh new file mode 100755 index 0000000000..a78bc077d8 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -0,0 +1,62 @@ +#!/bin/bash -e +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +DNS_PORT=31555 +CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}') +CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') +SPATH="$( dirname "$( which "$0" )" )" + + + +usage() { +cat << ==usage +$0 [cluster_domain] [helm_chart_args ...] + [cluster_domain] Default value simpledemo.onap.org + [helm_chart_args...] Optional arguments passed to helm install command +==usage +} + + +target_machine_notice_info() { +cat << ==infodeploy +Extra DNS server already deployed: +1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 +2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine +==infodeploy +} + +deploy() { + pushd "$SPATH/bind9dns" > /dev/null + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@ + popd > /dev/null + target_machine_notice_info +} + +if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then + usage +else + deploy $@ +fi diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 30e4c77576..aa97e32a9a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -75,6 +75,7 @@ spec: - -exec - | chown -R 1000:1000 /opt/kafka/data; + rm -rf '/opt/kafka/data/lost+found'; cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; chown 1000:1000 /opt/kafka/config/server.properties; cd /opt/kafka/config; diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index a2e03b8bf6..fb31b8b65e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -79,8 +79,6 @@ spec: value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index bb5a76b0ee..05f73e841c 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -25,8 +25,6 @@ global: config: msbServiceName: msb-iag msbPort: 80 - redisServiceName: vfc-redis - redisPort: 6379 persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/onap/resources/overrides/openstack.yaml b/kubernetes/onap/resources/overrides/openstack.yaml index a8294d249f..5e09d7cfe9 100644 --- a/kubernetes/onap/resources/overrides/openstack.yaml +++ b/kubernetes/onap/resources/overrides/openstack.yaml @@ -55,8 +55,12 @@ so: openStackUserName: "OPENSTACK_USERNAME_HERE" openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0" openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX" + # For Support of Keystone v3, uncomment and fill + # openStackKeystoneVersion: "KEYSTONE_V3" + # openStackProjectDomainName: "DEFAULT" + # openStackUserDomainName: "DEFAULT" nbi: config: # openstack configuration openStackRegion: "Yolo" - openStackVNFTenantId: "1234" \ No newline at end of file + openStackVNFTenantId: "1234" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index a6a3f6bd22..a7deeaeca0 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -99,7 +99,7 @@ cert: persistence: enabled: true size: 10Mi - accessMode: ReadOnlyMany + accessMode: ReadWriteOnce volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml index 952642c48a..fb83e4e26b 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -69,7 +69,7 @@ cloud_config: admin_tenant: "{{ .Values.config.openStackServiceTenantName }}" member_role: "admin" tenant_metadata: true - identity_server_type: "KEYSTONE" + identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}" identity_authentication_type: "USERNAME_PASSWORD" project_domain_name: "{{ .Values.config.openStackProjectDomainName }}" user_domain_name: "{{ .Values.config.openStackUserDomainName }}" diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 4685fd166a..c4e23164f2 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -83,6 +83,8 @@ config: openStackTenantId: "d570c718cbc545029f40e50b75eb13df" openStackProjectDomainName: "openStackProjectDomainName" openStackUserDomainName: "openStackUserDomainName" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {}